
Bucket Policy - bucket-policy
Last updated: 2025-10-28 16:00:20
The bucket-encryption command is used to set, query, and delete bucket encryption policies.
Note:
To query the bucket encryption policy, set the action to cos:GetBucketEncryption in the authorization policy.
To configure the bucket encryption policy, set the action to cos:PutBucketEncryption in the authorization policy.
To delete the bucket encryption policy, set the action to cos:DeleteBucketEncryption in the authorization policy.
For more information on authorization, see Business APIs Supporting CAM.

Command Syntax

./coscli bucket-encryption --method [method] cos://<bucket-name>
The bucket-encryption command includes the following parameters:
Parameter Format    | Description | Example
--------------------+-------------+--------
cos://<bucket-name> | Specify the target bucket. Supports using the bucket alias in configuration parameters or the bucket name for access. If using the bucket name for access, you must also include the endpoint flag. | Access with the bucket alias: cos://example-alias; access with the bucket name: cos://examplebucket-1250000000
The bucket-encryption command includes the following optional flags:
Flag Abbreviation | Flag Name           | Description
------------------+---------------------+------------
-h                | --help              | Views the usage of this command.
None              | --method            | Specify the required operation, including put (configure bucket encryption), get (query bucket encryption), delete (delete bucket encryption).
None              | --sse-algorithm     | Encryption Algorithm (AES256, SM4, KMS)
None              | --kms-master-key-id | KMS master key ID
None              | --kms-algorithm     | KMS Encryption Algorithm (AES256, SM4)
Note:
For more general options for this command (such as switching buckets or user accounts), see Common Options.

Configuring Bucket Encryption Policy

Operation Example

Set the bucket encryption policy for the bucket named example-alias. The command is as follows:
./coscli bucket-encryption --method put cos://example-alias --sse-algorithm KMS

Query Bucket Encryption Policy

Operation Example

Query the encryption policy information of the bucket named example-alias.
./coscli bucket-encryption --method get cos://example-alias
The output is as follows:
  SECTION    |    KEY     | VALUE
-------------+------------+---------------------------------------
  Encryption | Algorithm  | KMS
+            +------------+--------------------------------------+
             | KMS Key ID | **********-****-****-****-**********
+            +------------+--------------------------------------+
             | Status     | Enabled
-------------+------------+---------------------------------------
COS Bucket Encryption Configuration

Encryption Details:
- Type: Server-Side Encryption with KMS-Managed Keys (SSE-KMS)
- Description: Tencent Cloud Key Management System (KMS) manages encryption keys
- KMS Key ID: **********-****-****-****-**********
- Key Type: Customer Master Key (CMK)
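
Added example (not part of the original documentation or of COSCLI itself): a shell audit check that parses the table printed by the get operation above and fails unless encryption is Enabled with the expected algorithm. The function names, the default of requiring KMS, and treating empty output as a failure are assumptions; the sample text is constructed from the output shown above.

```shell
#!/bin/sh
# Audit check for `./coscli bucket-encryption --method get` output.
# enc_field and check_bucket_encryption are hypothetical helper names.

# Print the VALUE column for the row whose KEY column equals $1.
# Rows look like "Encryption | Algorithm | KMS" or "| Status | Enabled";
# border lines and the "Encryption Details" list contain no "|" and are skipped.
enc_field() {
    awk -F'|' -v key="$1" '
        NF >= 2 {
            k = $(NF-1); v = $NF
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# Read the command output on stdin; $1 is the required algorithm (default KMS).
# Returns 0 only if Status is Enabled and the algorithm matches; for KMS a
# key ID row must also be present. Missing rows count as a failure.
check_bucket_encryption() {
    required="${1:-KMS}"
    report=$(cat)
    algo=$(printf '%s\n' "$report" | enc_field "Algorithm")
    status=$(printf '%s\n' "$report" | enc_field "Status")
    key=$(printf '%s\n' "$report" | enc_field "KMS Key ID")
    if [ "$status" != "Enabled" ]; then
        echo "FAIL: encryption status is '${status:-missing}'"; return 1
    fi
    if [ "$algo" != "$required" ]; then
        echo "FAIL: algorithm '$algo', expected '$required'"; return 1
    fi
    if [ "$required" = "KMS" ] && [ -z "$key" ]; then
        echo "FAIL: KMS selected but no key ID reported"; return 1
    fi
    echo "OK: $algo, status $status"
}

# Constructed sample, copied from the documented output (key ID is masked).
SAMPLE='  Encryption | Algorithm  | KMS
+            +------------+--------------------------------------+
             | KMS Key ID | **********-****-****-****-**********
+            +------------+--------------------------------------+
             | Status     | Enabled'

printf '%s\n' "$SAMPLE" | check_bucket_encryption KMS
# Live use: ./coscli bucket-encryption --method get cos://example-alias | check_bucket_encryption KMS
```

The identity running this check only needs the cos:GetBucketEncryption action from the note at the top of the page.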


Deleting a Bucket Encryption Policy

Operation Example

Delete the bucket encryption policy of the bucket named example-alias. The command is as follows:
./coscli bucket-encryption --method delete cos://example-alias




