You can encrypt the objects stored in buckets on COS console to prevent data leakage. For more information on encryption, see Server-side Encryption Overview. The following shows you how to configure object encryption:
- This operation does not support configuring encryption for objects of archive type. If encryption is needed, restoring archived objects first. After the restoration is complete, modify the storage type to standard or low frequency before configuring the encryption.
- As long as you have access permissions to objects, the way you access encrypted and non-encrypted objects has no difference.
- Server encryption only encrypts object data, not its metadata. Objects using server encryption can only be accessed with a valid signature, not by anonymous users.
- When you list the objects in a bucket, all objects will be listed, no matter whether they are encrypted.
- If you use SSE-KMS encryption for the first time, you need to enable KMS service.
- Currently, SSE-KMS encryption only supports Beijing, Shanghai, and Guangzhou regions.