An optional parameter to set the Customer-Supplied Encryption key.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used in read (download), write (upload), copy, and compose operations. Note that copy and compose operations use the same key for the source and destination objects.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-21 UTC."],[[["This page provides documentation for the `EncryptionKey` structure in the Google Cloud Storage C++ client library, covering versions from 2.11.0 to the latest release candidate 2.37.0-rc."],["Customer-Supplied Encryption Keys (CSEK) can be used to encrypt data in Google Cloud Storage, where the application provides the key and GCS does not store it."],["The `EncryptionKey` structure is crucial for operations like reading, writing, copying, and composing data when using CSEK, ensuring that all such operations use the same key for source and destination objects."],["There are two ways to create an encryption key: `FromBinaryKey` which uses a raw binary key and `FromBase64Key` which uses a base64-encoded key, with both requiring exactly 32 bytes once decoded."],["The keys used for encryption should be carefully protected by the application as it is the only one with the key and if the key is lost, the data is unrecoverable."]]],[]]
