search
Log in

Encryption

Encryption Configuration of a Bucket

hashtag
GetBucketEncryption

get
/{Bucket}?encryption

Returns the default encryption configuration for the bucket.

In the current version, only the bucket owner is allowed to perform this operation. We currently do not support the use of bucket policies to extend bucket encryption permissions to users other than the bucket owner.

If the bucket does not have a default encryption configuration, GetBucketEncryption returns `404 ServerSideEncryptionConfigurationNotFoundError`.

Authorizations
AuthorizationstringRequired

IONOS Object Storage API requests are authenticated using the AWS signature. The IONOS Object Storage API authenticates users using a customized HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). The process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.

In the Authorization tab for a request, select AWS Signature from the Type dropdown list. Specify where Postman should append your authorization data using the Add authorization data to drop-down menu.

  • If you select Request Headers, Postman populates the Headers tab with Authorization and X-Amz- prefixed fields.

  • If you select Request URL, Postman populates the Params tab with authentication details prefixed with X-Amz-.

Note: The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.

  • For Access Key, enter your access key directly in the fields or through variables for added security.

  • For Secret Key, enter your secret key directly in the fields or through variables for added security.

Advanced fields are optional, but Postman will attempt to generate them automatically if necessary.

  • For AWS Region, enter one of the regions (eu-central-3) where your bucket is hosted.

  • For Service Name, enter s3. The name of the service that receives the requests.

  • For Session Token, leave the field blank. This is only required when temporary security credentials are used.

Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
encryptionboolean · enumRequiredPossible values:
Responses
chevron-right
200

Successful operation

application/xml
get
/{Bucket}?encryption

hashtag
PutBucketEncryption

put
/{Bucket}?encryption

Sets the AES256 server-side encryption for a bucket with IONOS Object Storage managed keys (SSE-S3).

With server-side encryption, Ionos Object Storage encrypts a newly uploaded object in the bucket before saving it to disk and decrypts it when you download the object. Encryption doesn't change the way that you access data as an authorized user. It only further protects your data.

In the current version, only the bucket owner is allowed to perform this operation. We do not currently support the use of bucket policies to extend bucket encryption permissions to users other than the bucket owner.

IONOS Object Storage API confirms that your object is stored with SSE-S3 encryption by returning the response header `x-amz-server-side-encryption` for the Object Read operation.

You can also apply encryption with a customer-provided key (SSE-C) to each object at the time of uploading. In this case, SSE-C encryption will override the SSE-S3 encryption.

Authorizations
AuthorizationstringRequired

IONOS Object Storage API requests are authenticated using the AWS signature. The IONOS Object Storage API authenticates users using a customized HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). The process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.

In the Authorization tab for a request, select AWS Signature from the Type dropdown list. Specify where Postman should append your authorization data using the Add authorization data to drop-down menu.

  • If you select Request Headers, Postman populates the Headers tab with Authorization and X-Amz- prefixed fields.

  • If you select Request URL, Postman populates the Params tab with authentication details prefixed with X-Amz-.

Note: The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.

  • For Access Key, enter your access key directly in the fields or through variables for added security.

  • For Secret Key, enter your secret key directly in the fields or through variables for added security.

Advanced fields are optional, but Postman will attempt to generate them automatically if necessary.

  • For AWS Region, enter one of the regions (eu-central-3) where your bucket is hosted.

  • For Service Name, enter s3. The name of the service that receives the requests.

  • For Session Token, leave the field blank. This is only required when temporary security credentials are used.

Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
encryptionboolean · enumRequiredPossible values:
Body
Responses
chevron-right
200

Successful operation

put
/{Bucket}?encryption
Request body
200

Successful operation

No content

hashtag
DeleteBucketEncryption

delete
/{Bucket}?encryption

This implementation of the DELETE operation removes default encryption from the bucket.

In the current version, only the bucket owner is allowed to perform this operation. We currently do not support the use of bucket policies to extend bucket encryption permissions to users other than the bucket owner.

Authorizations
AuthorizationstringRequired

IONOS Object Storage API requests are authenticated using the AWS signature. The IONOS Object Storage API authenticates users using a customized HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). The process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.

In the Authorization tab for a request, select AWS Signature from the Type dropdown list. Specify where Postman should append your authorization data using the Add authorization data to drop-down menu.

  • If you select Request Headers, Postman populates the Headers tab with Authorization and X-Amz- prefixed fields.

  • If you select Request URL, Postman populates the Params tab with authentication details prefixed with X-Amz-.

Note: The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.

  • For Access Key, enter your access key directly in the fields or through variables for added security.

  • For Secret Key, enter your secret key directly in the fields or through variables for added security.

Advanced fields are optional, but Postman will attempt to generate them automatically if necessary.

  • For AWS Region, enter one of the regions (eu-central-3) where your bucket is hosted.

  • For Service Name, enter s3. The name of the service that receives the requests.

  • For Session Token, leave the field blank. This is only required when temporary security credentials are used.

Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
encryptionboolean · enumRequiredPossible values:
Responses
delete
/{Bucket}?encryption
204

Successful operation

No content
PreviousCORSNextLifecycle

Last updated

Was this helpful?