An optional parameter to set the Customer-Supplied Encryption key.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used in read (download), write (upload), copy, and compose operations. Note that copy and compose operations use the same key for the source and destination objects.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-14 UTC."],[[["\u003cp\u003eThis document provides reference information for the \u003ccode\u003eEncryptionKey\u003c/code\u003e structure across multiple versions, from version 2.11.0 up to the latest release candidate, 2.37.0-rc.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eEncryptionKey\u003c/code\u003e is used to manage Customer-Supplied Encryption Keys (CSEK) for securing data within Google Cloud Storage (GCS), where the key is not retained by GCS.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eEncryptionKey\u003c/code\u003e class allows creating keys either from a 32-byte binary key using \u003ccode\u003eFromBinaryKey\u003c/code\u003e or from a base64-encoded key using \u003ccode\u003eFromBase64Key\u003c/code\u003e, both requiring exactly 32 bytes when decoded.\u003c/p\u003e\n"],["\u003cp\u003eUsing CSEK requires saving the keys because data becomes unrecoverable if the key is lost, therefore users are strongly advised against creating predictable keys.\u003c/p\u003e\n"],["\u003cp\u003eCSEK can be used in read, write, copy, and compose operations in Google Cloud Storage, and further details about its usage can be found at the provided link: \u003ca href=\"https://cloud.google.com/storage/docs/encryption/customer-supplied-keys\"\u003ehttps://cloud.google.com/storage/docs/encryption/customer-supplied-keys\u003c/a\u003e.\u003c/p\u003e\n"]]],[],null,[]]
