An optional parameter to set the Customer-Supplied Encryption key.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used in read (download), write (upload), copy, and compose operations. Note that copy and compose operations use the same key for the source and destination objects.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-04-01 UTC."],[[["The webpage provides documentation for the `EncryptionKey` struct in the Google Cloud Storage C++ client library, covering versions from 2.11.0 to 2.37.0-rc, with the latter being the latest release candidate."],["Customer-Supplied Encryption Keys (CSEK) can be generated and utilized by application developers to enhance data protection within Google Cloud Storage (GCS), but the key is not stored by GCS and cannot be retrieved if lost."],["The `EncryptionKey` struct is used in various GCS operations, including reading, writing, copying, and composing, all while using a consistent key for both source and destination objects when it comes to copy and compose functions."],["The webpage details two methods for creating an `EncryptionKey`: `FromBinaryKey`, which requires a 32-byte binary key, and `FromBase64Key`, which takes a base64-encoded key that decodes to 32 bytes."],["The `prefix()` static function is detailed within the documentation as well, however no specific information on its use is provided."]]],[]]
