Enabling encryption

Files must be encrypted while in storage to keep sensitive data secure. You can disable encryption during testing or when handling files that do not require security.

About this task

Encryption configuration is set for each bucket variant at the time of provisioning. Once provisioned, the encryption configuration cannot be changed.

If you want to change the encryption setting on a variant, you must retire that variant and create a new variant with the same bucket name.

To enable encryption:

Procedure

  1. Use the storage provision command to create a new variant of the bucket where encryption is disabled and you want to enable encryption.
  2. At the Store blobs encrypted?: prompt, select y.
  3. At the Choose storage cryptography specification prompt, choose from the list of specifications.
    Remember: Data objects posted with encryption enabled are retrieved in decrypted format.