getBucketEncryption method
Written by
Updated at May 5, 2026
Returns information about bucket encryption. For more information about bucket encryption, see Encryption in Object Storage.
For more information on getting started with the API and the general request format, see How to use the S3 API.
Request
GET /{bucket}?encryption HTTP/2
Path parameters
| Parameter | Description |
|---|---|
bucket |
Bucket name. |
Headers
Use only common headers in your requests.
Response
Headers
Responses can only contain common headers.
Response codes
For a list of possible responses, see Responses.
A successful response contains additional data in XML format with the schema described below.
Data schema
<ServerSideEncryptionConfiguration>
<Rule>
<ApplyServerSideEncryptionByDefault>
<KMSMasterKeyID>string</KMSMasterKeyID>
<SSEAlgorithm>string</SSEAlgorithm>
</ApplyServerSideEncryptionByDefault>
</Rule>
...
</ServerSideEncryptionConfiguration>
| Element | Description |
|---|---|
ApplyServerSideEncryptionByDefault |
Sets default encryption for the object, if no other encryption parameters are specified in the request. Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault. |
KMSMasterKeyID |
KMS key ID. Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault\KMSMasterKeyID. |
Rule |
Server-side encryption policy. The encryption is defined by KMSMasterKeyID and SSEAlgorithm.Path: ServerSideEncryptionConfiguration\Rule. |
ServerSideEncryptionConfiguration |
Default encryption configuration for new objects in the bucket. Path: ServerSideEncryptionConfiguration. |
SSEAlgorithm |
Encryption algorithm Available values: aws:kms.Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault\SSEAlgorithm. |