tencent cloud


Setting Object Encryption

Last updated: 2022-05-06 16:42:32


    You can encrypt the objects stored in buckets using the COS console to prevent data disclosure. For more information on encryption, see Server-Side Encryption Overview. The following shows you how to configure object encryption:


    • This operation does not support configuring encryption for objects in the ARCHIVE storage class. If encryption is required, restore archived objects first. After the restoration is complete, change the storage class to STANDARD or STANDARD_IA before configuring the encryption.
    • As long as you have access permission on an object, your object accessing experience is the same regardless of whether the object is encrypted.
    • Server-side encryption encrypts only the object data but not its metadata. Server-side encrypted objects can only be accessed with a valid signature and cannot be accessed by anonymous users.
    • When you list the objects in a bucket, all objects will be listed, regardless of whether they are encrypted.


    1. Log in to the COS console.

    2. Click Bucket List on the left sidebar.

    3. Locate the bucket where the object resides and click the bucket name.

    4. Click File List on the left sidebar.

    5. Find the target object and click Details in the Operation column on the right.

    6. Select the target encryption method in the Server-Side Encryption area.
      The following two encryption methods are currently supported:

      • SSE-COS: Server-side encryption with a key managed by COS. For more information on SSE-COS encryption, see SSE-COS Encryption.
      • SSE-KMS: Server-side encryption with a key managed by Tencent Cloud Key Management System (KMS). You can use the default key or create a key. For more information about keys, see Creating a Key. For more information about SSE-KMS, see the SSE-KMS Encryption section in Server-side Encryption Overview.
    7. Click Save.


      • If you use SSE-KMS encryption for the first time, you need to enable the KMS service.
      • Currently, SSE-KMS encryption is available only in the Beijing, Shanghai, and Guangzhou regions.

      To batch encrypt multiple objects, select multiple objects and click More Actions > Modify Encryption Method at the top.

    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support