getBucketEncryption method
Written by
Updated at March 19, 2025
Returns information about bucket encryption. For more information about bucket encryption, see Encryption in Object Storage.
For more information on getting started with the API and the general request format, see How to use the S3 API.
Request
GET /{bucket}?encryption HTTP/2
Path parameters
| Parameter | Description |
|---|---|
bucket |
Bucket name. |
Headers
Use only common headers in your requests.
Response
Headers
Responses can only contain common headers.
Response codes
For a list of possible responses, see Responses.
A successful response contains additional data in XML format with the schema described below.
Data schema
<ServerSideEncryptionConfiguration>
<Rule>
<ApplyServerSideEncryptionByDefault>
<KMSMasterKeyID>string</KMSMasterKeyID>
<SSEAlgorithm>string</SSEAlgorithm>
</ApplyServerSideEncryptionByDefault>
</Rule>
...
</ServerSideEncryptionConfiguration>
| Element | Description |
|---|---|
ApplyServerSideEncryptionByDefault |
Sets default encryption for the object, if other encryption parameters are not specified in the request. Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault. |
KMSMasterKeyID |
KMS key ID. Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault\KMSMasterKeyID. |
Rule |
Server-side encryption policy. The encryption is defined by KMSMasterKeyID and SSEAlgorithm.Path: ServerSideEncryptionConfiguration\Rule. |
ServerSideEncryptionConfiguration |
Default encryption configuration for new objects in the bucket. Path: ServerSideEncryptionConfiguration. |
SSEAlgorithm |
Encryption algorithm that takes the aws:kms value.Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault\SSEAlgorithm. |