An optional parameter to set the Customer-Supplied Encryption key.
Application developers can generate their own encryption keys to protect the data in GCS. This is known as a Customer-Supplied Encryption key (CSEK). If the application provides a CSEK, GCS does not retain the key. The object data, the object CRC32 checksum, and its MD5 hash (if applicable) are all encrypted with this key, and the key is required to read any of these elements back.
Care must be taken to save and protect these keys, if lost, the data is not recoverable. Also, applications should avoid generating predictable keys, as this weakens the encryption.
This option is used in read (download), write (upload), copy, and compose operations. Note that copy and compose operations use the same key for the source and destination objects.
See Also
https://cloud.google.com/storage/docs/encryption/customer-supplied-keys for a detailed description of how Customer Supplied Encryption keys are used in GCS.
Functions
static FromBinaryKey(std::string const &)
Create an encryption key parameter from a binary key.
| Parameter | |
|---|---|
| Name | Description |
key |
std::string const &
a binary key, must have exactly 32 bytes. |
| Returns | |
|---|---|
| Type | Description |
EncryptionKey |
|
static FromBase64Key(std::string const &)
Creates an encryption key parameter from a key in base64 format.
| Parameter | |
|---|---|
| Name | Description |
key |
std::string const &
a base64-encoded key, must have exactly 32 bytes when decoded. |
| Returns | |
|---|---|
| Type | Description |
EncryptionKey |
|
static prefix()
| Returns | |
|---|---|
| Type | Description |
char const * |
|