You can call this operation to query the encryption rules configured for a bucket.

Note Only the bucket owner or authorized RAM users can query the encryption rules configured for a bucket. Otherwise, OSS returns the 403 error. For more information about bucket encryption, see Server-side encryption.

Request syntax

Get /? encryption HTTP/1.1
Date: GMT Date
Host: BucketName.oss.aliyuncs.com
Authorization: SignatureValue

Response elements

Element Type Required Description
ServerSideEncryptionRule Container Yes The container that stores server-side encryption rules.

Child nodes: ApplyServerSideEncryptionByDefault

ApplyServerSideEncryptionByDefault Container Yes The container that stores the default server-side encryption method.

Child nodes: SSEAlgorithm and KMSMasterKeyID

SSEAlgorithm String Yes Displays the default server-side encryption method.

Valid values: KMS and AES256.

KMSMasterKeyID String No Displays the currently used CMK ID.

This parameter is returned only when SSEAlgorithm is set to KMS and a specified CMK is specified in the request. In other cases, this parameter is null.

Examples

  • Sample request
    Get /? encryption HTTP/1.1
    Date: Tue, 20 Dec 2018 11:20:10 GMT
    Host: oss-example.oss-cn-hangzhou.aliyuncs.com
    Authorization: OSS qn6qrrqxo2oawuk53otf****:ceOEyZavKY4QcjoUWYSpYbJ3****
  • Sample response
    HTTP/1.1 204 NoContent
    x-oss-request-id: 5C1B138A109F4E405B2D8AEF
    Date: Tue, 20 Dec 2018 11:22:05 GMT
    <? xml version="1.0" encoding="UTF-8"? >
    <ServerSideEncryptionRule>
      <ApplyServerSideEncryptionByDefault>
        <SSEAlgorithm>KMS</SSEAlgorithm>
        <KMSMasterKeyID>9468da86-3509-4f8d-a61e-6eab1eac****</KMSMasterKeyID>
      </ApplyServerSideEncryptionByDefault>
    </ServerSideEncryptionRule>

SDK

You can use the following SDKs for various programming languages to call GetBucketEncryption:

Error codes

Error code HTTP status code Description
AccessDenied 403 The error message returned because you do not have permissions to query encryption rules configured for the bucket.
NoSuchBucket 400 The error message returned because the bucket of which the encryption rules that you want to query does not exist.
NoSuchServerSideEncryptionRule 400 The error message returned because the no encryption rules are configured for the bucket.