An optional parameter to set the Customer-Supplied Encryption key.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used in read (download), write (upload), copy, and compose operations. Note that copy and compose operations use the same key for the source and destination objects.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-04-02 UTC."],[[["This document details the `EncryptionKey` structure within the Google Cloud Storage C++ client library, with a list of versions ranging from 2.11.0 to the latest release candidate 2.37.0-rc."],["The `EncryptionKey` structure allows application developers to use Customer-Supplied Encryption Keys (CSEK) to encrypt data in Google Cloud Storage, enhancing security by ensuring that Google does not retain the keys."],["The use of CSEK encrypts the object data, the CRC32 checksum, and the MD5 hash, requiring the key for any read operation on these elements."],["The documentation provides methods `FromBinaryKey` and `FromBase64Key` to create encryption key parameters from either a binary or a base64-encoded key respectively, both needing to be 32 bytes."],["It also highlights the importance of securely managing CSEKs, as losing them results in permanent data inaccessibility, while discouraging predictable key generation practices to maintain strong encryption."]]],[]]