You can encrypt the objects stored in buckets on the COS console to prevent data leakage. For more information on encryption, see Server-side Encryption Overview. The following information outlines how to configure object encryption:
- This operation does not support configuring encryption for archived objects. If encryption is needed, please first refer to the information on restoring an archived object. After the restoration is complete, modify the storage type to standard or low frequency before configuring the encryption.
- As long as you have access permission for an object, whether the object has been encrypted has no effect on your accessing said object.
- Server-side encryption encrypts only the object data but not its metadata. Server-side encrypted objects can only be accessed with a valid signature and cannot be accessed by anonymous users.
- When you list the objects in a bucket, all objects, regardless of encryption, will be listed.
- If you’re using SSE-KMS encryption for the first time, you need to enable KMS services.
- Currently, SSE-KMS encryption only supports the Beijing, Shanghai, and Guangzhou regions.