All Products
Search
Document Center

Object Storage Service:put-bucket-encryption

Last Updated:Jun 25, 2026

Configures encryption rules for a bucket.

Usage notes

By default, an Alibaba Cloud account has the permission to configure encryption rules for a bucket. To add or modify rules as a Resource Access Management (RAM) user or using Security Token Service (STS), you must have the oss:PutBucketEncryption permission. For more information, see Common examples of RAM policies.

Command syntax

ossutil api put-bucket-encryption --bucket value --server-side-encryption-rule value [flags]

Parameter

Type

Description

--bucket

string

The bucket name.

--server-side-encryption-rule

string

The container for server-side encryption rules.

Note

The put-bucket-encryption command corresponds to the PutBucketEncryption operation. For more information about the parameters in the PutBucketEncryption operation, see PutBucketEncryption.

--server-side-encryption-rule

The --server-side-encryption-rule configuration option supports both the XML and JSON format. If the value of the option contains the file:// prefix, the configuration is read from a file.

  • XML format:

    <ServerSideEncryptionRule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>string</SSEAlgorithm> <KMSMasterKeyID>string</KMSMasterKeyID> <KMSDataEncryption>string</KMSDataEncryption> </ApplyServerSideEncryptionByDefault></ServerSideEncryptionRule>
  • JSON format:

    { "ApplyServerSideEncryptionByDefault": { "SSEAlgorithm": "string", "KMSMasterKeyID": "string", "KMSDataEncryption": "string" }}
Note

For more information about supported global command-line options, see Global command-line options.

Examples

The following examples show how to set the server-side encryption method for the examplebucket bucket to AES256.

  • Add the following script to an XML configuration file named server-side-encryption-rule.xml:

    <?xml version="1.0" encoding="UTF-8"?><ServerSideEncryptionRule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>AES256</SSEAlgorithm> <KMSMasterKeyID></KMSMasterKeyID> </ApplyServerSideEncryptionByDefault></ServerSideEncryptionRule>

Sample command:

ossutil api put-bucket-encryption --bucket examplebucket --server-side-encryption-rule file://server-side-encryption-rule.xml
  • Add the following script to a JSON configuration file named server-side-encryption-rule.json:

    { "ApplyServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" }}

    Sample command:

    ossutil api put-bucket-encryption --bucket examplebucket --server-side-encryption-rule file://server-side-encryption-rule.json
  • Configure parameters in the following command in the JSON format:

    ossutil api put-bucket-encryption --bucket examplebucket --server-side-encryption-rule "{\"ApplyServerSideEncryptionByDefault\":{\"SSEAlgorithm\":\"AES256\"}}"