PutBucketEncryption

Prev Next

Available in Classic and VPC

Register or override the default server-side encryption (SSE) settings for an Ncloud Storage bucket. If default encryption is enabled for the bucket, these settings are automatically applied during upload without the need to specify a separate encryption header.

Request

This section describes the request format. The method and URI are as follows:

Method URL
PUT -

Request headers

For information about the headers common to all Ncloud Storage APIs, see Ncloud Storage request headers.

Request body

You can include the following data in the body of your request:

Field Type Required Description
ServerSideEncryptionConfiguration - Required Root elements of encryption configuration
ServerSideEncryptionConfiguration.Rule List Required Encryption rule list
  • Only 1 is allowed.
ServerSideEncryptionConfiguration.Rule.ApplyServerSideEncryptionByDefault Object Required Default encryption algorithm settings
ServerSideEncryptionConfiguration.Rule.ApplyServerSideEncryptionByDefault.SSEAlgorithm String Required Default encryption algorithm
ServerSideEncryptionConfiguration.Rule.BucketKeyEnabled Boolean Optional Bucket key activation
  • This is currently not supported. If set to true, an error is returned.

Behavior based on SSEAlgorithm value

The behavior based on the SSEAlgorithm value is described as follows:

SSEAlgorithm value Description
aws:kms Encrypt using Ncloud KMS (Key Management Service), and use the default key managed by Ncloud.
AES256 Encrypt using the SSE-S3 method.
Note
  • Exactly one rule is allowed. If there are zero or two or more rules, an error is returned.
  • If you specify KMSMasterKeyID when setting SSEAlgorithm to AES256, an error is returned.
  • User-managed KMS keys (specifying KMSMasterKeyID) will be supported in the future.
  • aws:kms:dsse will be supported in the future.

Request example

The request example is as follows:

Set SSE-KMS (Ncloud management key)

The following describes a sample request for configuring default encryption based on Ncloud KMS in a bucket. Afterward, SSE-KMS is automatically applied to objects uploaded without an encryption header.

PUT /?encryption HTTP/1.1
Host: bucket.kr.ncloudstorage.com

<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Rule>
        <ApplyServerSideEncryptionByDefault>
            <SSEAlgorithm>aws:kms</SSEAlgorithm>
        </ApplyServerSideEncryptionByDefault>
    </Rule>
</ServerSideEncryptionConfiguration>

Set SSE-S3 (AES256)

The following describes a sample request for configuring default encryption based on SSE-S3 in a bucket.

PUT /?encryption HTTP/1.1
Host: bucket.kr.ncloudstorage.com

<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Rule>
        <ApplyServerSideEncryptionByDefault>
            <SSEAlgorithm>AES256</SSEAlgorithm>
        </ApplyServerSideEncryptionByDefault>
    </Rule>
</ServerSideEncryptionConfiguration>

Response

This section describes the response format.

Response headers

For information about the headers common to all Ncloud Storage APIs, see Ncloud Storage response headers.

Response status codes

For information about the HTTP status codes common to all Ncloud Storage APIs, see Common Ncloud Storage response status codes.

Response example

The response example is as follows:

HTTP/1.1 200 OK
Business Registration Number: 129-86-31394 E-commerce Permit Number:No. 2009-GyeonggiSeongnam-0510
CEO: Kim Yuwon Address: NAVER Green Factory 17th–26th Floors, Buljeong-ro 6, Bundang-gu, Seongnam-si, Gyeonggi-do 13561, Republic of Korea. Customer Support Number: 1544-5876
© NAVER Cloud Corp. All Rights Reserved.