AI Model Hub for free till June 30, 2025.
Try now
Test nowLog inShare Feedback

Encryption

Encryption Configuration of a Bucket

GetBucketEncryption

get

Returns the default encryption configuration for the bucket.

In the current version, only the bucket owner is allowed to perform this operation. We currently do not support the use of bucket policies to extend bucket encryption permissions to users other than the bucket owner.

If the bucket does not have a default encryption configuration, GetBucketEncryption returns `404 ServerSideEncryptionConfigurationNotFoundError`.

Authorizations
Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
encryptionboolean · enumRequiredPossible values:
Responses
200
Successful operation
application/xml
get
GET /{Bucket} HTTP/1.1
Host: s3.eu-central-1.ionoscloud.com
Authorization: YOUR_API_KEY
Accept: */*

<?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Rule>
        <ApplyServerSideEncryptionByDefault>
            <SSEAlgorithm>AES256</SSEAlgorithm>
        </ApplyServerSideEncryptionByDefault>
    </Rule>
</ServerSideEncryptionConfiguration>

PutBucketEncryption

put

Sets the AES256 server-side encryption for a bucket with IONOS Object Storage managed keys (SSE-S3).

With server-side encryption, Ionos Object Storage encrypts a newly uploaded object in the bucket before saving it to disk and decrypts it when you download the object. Encryption doesn't change the way that you access data as an authorized user. It only further protects your data.

In the current version, only the bucket owner is allowed to perform this operation. We do not currently support the use of bucket policies to extend bucket encryption permissions to users other than the bucket owner.

IONOS Object Storage API confirms that your object is stored with SSE-S3 encryption by returning the response header `x-amz-server-side-encryption` for the Object Read operation.

You can also apply encryption with a customer-provided key (SSE-C) to each object at the time of uploading. In this case, SSE-C encryption will override the SSE-S3 encryption.

Authorizations
Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
encryptionboolean · enumRequiredPossible values:
Body
Responses
200
Successful operation
put
Request body
<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Rule>
    <ApplyServerSideEncryptionByDefault>
        <SSEAlgorithm>AES256</SSEAlgorithm>
    </ApplyServerSideEncryptionByDefault>
  </Rule>
</ServerSideEncryptionConfiguration>
200

Successful operation

No content

DeleteBucketEncryption

delete

This implementation of the DELETE operation removes default encryption from the bucket.

In the current version, only the bucket owner is allowed to perform this operation. We currently do not support the use of bucket policies to extend bucket encryption permissions to users other than the bucket owner.

Authorizations
Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
encryptionboolean · enumRequiredPossible values:
Responses
204
Successful operation
delete
DELETE /{Bucket} HTTP/1.1
Host: s3.eu-central-1.ionoscloud.com
Authorization: YOUR_API_KEY
Accept: */*
204

Successful operation

No content
PreviousCORSNextLifecycle

Was this helpful?