An optional parameter to set the Customer-Supplied Encryption key for rewrite source object.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used only in rewrite operations and it defines the key used for the source object.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-14 UTC."],[[["\u003cp\u003eThis document outlines the \u003ccode\u003eSourceEncryptionKey\u003c/code\u003e structure for Google Cloud Storage (GCS) C++ library versions, ranging from 2.11.0 to the latest release candidate 2.37.0-rc.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eSourceEncryptionKey\u003c/code\u003e is an optional parameter to set a Customer-Supplied Encryption Key (CSEK) for source objects during rewrite operations in GCS, and GCS does not retain the key.\u003c/p\u003e\n"],["\u003cp\u003eUsers can generate their own CSEKs to encrypt data in GCS, but must securely store the keys because lost keys will render the data unrecoverable.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eFromBinaryKey\u003c/code\u003e function creates a source encryption key from a binary key, which must have exactly 32 bytes, while \u003ccode\u003eFromBase64Key\u003c/code\u003e creates a key from base64 format, which must also decode to exactly 32 bytes.\u003c/p\u003e\n"],["\u003cp\u003eThe document also includes a link to further information about CSEKs in GCS, providing a more detailed description of their usage.\u003c/p\u003e\n"]]],[],null,[]]
