An optional parameter to set the Customer-Supplied Encryption key.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used in read (download), write (upload), copy, and compose operations. Note that copy and compose operations use the same key for the source and destination objects.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-04-22 UTC."],[[["The page provides documentation for the `EncryptionKey` struct in the Google Cloud Storage C++ client library, spanning multiple versions from 2.11.0 to 2.37.0-rc."],["Customer-Supplied Encryption Keys (CSEK) allow application developers to encrypt data in Google Cloud Storage using their own keys, ensuring that Google Cloud Storage does not retain the keys."],["The `EncryptionKey` struct is used in read, write, copy, and compose operations within Google Cloud Storage, and it encrypts object data, the CRC32 checksum, and the MD5 hash."],["There are two primary methods for creating an `EncryptionKey`: `FromBinaryKey`, which accepts a 32-byte binary key, and `FromBase64Key`, which accepts a base64-encoded key that decodes to 32 bytes."],["Users must securely manage their CSEKs because if the keys are lost, the encrypted data is irretrievable, and generating predictable keys should be avoided to maintain encryption strength."]]],[]]
