Setting Object Encryption

Last updated: 2019-09-30 12:45:17



You can encrypt the objects stored in buckets in the COS Console to prevent data leakage. For more information about encryption, see Server-side Encryption Overview. The following section will guide you through how to encrypt objects.

  • COS currently supports SSE-COS for encryption.
  • Server-side encryption is currently only available in Beijing, Shanghai, and Guangzhou regions.
  • The experience accessing an encrypted object is the same as that accessing an unencrypted one, provided that you already have access to it.
  • Server-side encryption encrypts only the data but not the metadata of the object. Server-side encrypted objects can only be accessed with a valid signature but not by anonymous users.
  • When you try to list the objects in a bucket, all objects will be listed, no matter whether they are encrypted.


  1. Log in to the COS Console.
  2. In the left sidebar, click Bucket List.
  3. Select the bucket to which to add a bucket policy and enter it.
  4. Click File List and click Details to the right of the object you want to encrypt.
  5. In the Server-side Encryption configuration item, select SSE-COS and click Save to encrypt the object.