An optional parameter to set the Customer-Supplied Encryption key for rewrite source object.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used only in rewrite operations and it defines the key used for the source object.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-21 UTC."],[[["This page provides documentation for the `SourceEncryptionKey` struct within the Google Cloud Storage C++ library, covering versions from 2.11.0 to 2.37.0-rc (latest)."],["`SourceEncryptionKey` is used to manage Customer-Supplied Encryption Keys (CSEK) for source objects during rewrite operations in Google Cloud Storage."],["CSEK allows developers to encrypt data in GCS using their own keys, enhancing security, but losing the key renders the data unrecoverable."],["The documentation outlines functions for creating `SourceEncryptionKey` instances from binary keys (`FromBinaryKey`) and base64-encoded keys (`FromBase64Key`), with both requiring 32 bytes."],["The documentation provides a link that goes over the details on how Customer Supplied Encryption keys are used in GCS."]]],[]]
