An optional parameter to set the Customer-Supplied Encryption key.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used in read (download), write (upload), copy, and compose operations. Note that copy and compose operations use the same key for the source and destination objects.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-14 UTC."],[[["\u003cp\u003eThis document provides versioned documentation for the \u003ccode\u003eEncryptionKey\u003c/code\u003e struct within the Google Cloud Storage C++ client library, ranging from version 2.11.0 up to the latest release candidate 2.37.0-rc.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eEncryptionKey\u003c/code\u003e struct allows developers to use Customer-Supplied Encryption Keys (CSEK) to encrypt data in Google Cloud Storage, ensuring that Google does not retain the key.\u003c/p\u003e\n"],["\u003cp\u003eLosing CSEKs results in permanent data loss, as they are required for reading encrypted object data, checksums, and MD5 hashes.\u003c/p\u003e\n"],["\u003cp\u003eThe document details the use of CSEKs in read, write, copy, and compose operations, and it provides functions like \u003ccode\u003eFromBinaryKey\u003c/code\u003e and \u003ccode\u003eFromBase64Key\u003c/code\u003e for generating encryption key parameters.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eprefix()\u003c/code\u003e function is also available within the \u003ccode\u003eEncryptionKey\u003c/code\u003e struct, although its specific use case is not further specified.\u003c/p\u003e\n"]]],[],null,[]]
