Data encryption options

Stay organized with collections Save and categorize content based on your preferences.

Cloud Storage always encrypts your data on the server side, before it is written to disk, at no additional charge. In Cloud Storage specifically, data is encrypted at the storage level using AES. In most cases, Galois/Counter Mode (GCM) is used. For more information, see Google's common cryptographic library.

Besides this standard, Google-managed behavior, there are additional ways to encrypt your data when using Cloud Storage. Below is a summary of the encryption options available to you:

  • Server-side encryption: encryption that occurs after Cloud Storage receives your data, but before the data is written to disk and stored.

  • Client-side encryption: encryption that occurs before data is sent to Cloud Storage. Such data arrives at Cloud Storage already encrypted but also undergoes server-side encryption.