An optional parameter to set the Customer-Supplied Encryption key for rewrite source object.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used only in rewrite operations and it defines the key used for the source object.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-14 UTC."],[[["\u003cp\u003eThe webpage provides documentation for the \u003ccode\u003eSourceEncryptionKey\u003c/code\u003e struct in the Google Cloud Storage C++ client library, covering versions from 2.11.0 up to the latest release candidate 2.37.0-rc.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eSourceEncryptionKey\u003c/code\u003e is an optional parameter used in rewrite operations to specify the Customer-Supplied Encryption Key (CSEK) for the source object.\u003c/p\u003e\n"],["\u003cp\u003eCustomer-Supplied Encryption Keys (CSEK) are generated by application developers to protect data in Google Cloud Storage, and the keys are not retained by Google Cloud Storage, however loss of the key results in data unrecoverability.\u003c/p\u003e\n"],["\u003cp\u003eThe documentation outlines functions for creating a \u003ccode\u003eSourceEncryptionKey\u003c/code\u003e instance from a binary key via \u003ccode\u003eFromBinaryKey\u003c/code\u003e and from a base64 encoded key via \u003ccode\u003eFromBase64Key\u003c/code\u003e, both requiring a key length of exactly 32 bytes.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eprefix\u003c/code\u003e static function is available and its return type is \u003ccode\u003echar const*\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,[]]
