An optional parameter to set the Customer-Supplied Encryption key for rewrite source object.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used only in rewrite operations and it defines the key used for the source object.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-02 UTC."],[[["This webpage provides documentation for the `SourceEncryptionKey` struct within the Google Cloud Storage C++ library, detailing its use in managing customer-supplied encryption keys."],["The latest release candidate version for this library is 2.37.0-rc, and versions are available all the way back to 2.11.0."],["`SourceEncryptionKey` is an optional parameter for rewrite operations, setting the key for the source object."],["The library allows creating a source encryption key either from a raw binary key of 32 bytes or a base64-encoded key that decodes to 32 bytes."],["The documentation stresses the importance of securely storing these user generated encryption keys, as loss of the key will cause data to be irretrievable."]]],[]]
