GetBucketEncryption

0.0.201

You can call this operation to query the encryption rules configured for a bucket.

Notes

The oss:GetBucketEncryption permission is required to query the encryption rules configured for a bucket by calling GetBucketEncryption. For more information, see Common examples of RAM policies.

Note

Only the bucket owner or authorized RAM users can query the encryption rules configured for a bucket. If other users try to query the encryption rules configured for the bucket, OSS returns 403. For more information about bucket encryption, see Server-side encryption.

Request structure

Get /? encryption HTTP/1.1
Date: GMT Date
Host: BucketName.oss.aliyuncs.com
Authorization: SignatureValue

Request headers

A GetBucketEncryption request contains only common request headers. For more information, see Common request headers.

Response headers

The response to a GetBucketEncryption request contains only common response headers. For more information, see Common response headers.

Response elements

Element	Type	Example	Description

Element	Type	Example	Description
ServerSideEncryptionRule	Container	N/A	The container that stores server-side encryption rules. Child node: ApplyServerSideEncryptionByDefault
ApplyServerSideEncryptionByDefault	Container	N/A	The container that stores the default server-side encryption method. Child nodes: SSEAlgorithm and KMSMasterKeyID
SSEAlgorithm	String	KMS	The default server-side encryption method. Valid values: KMS and AES256
KMSMasterKeyID	String	9468da86-3509-4f8d-a61e-6eab1eac****	The CMK ID that is used for encryption. This parameter is returned only when the value of SSEAlgorithm is KMS and a CMK ID is specified in the request. In other cases, this parameter is null.

Examples

Sample request

Get /? encryption HTTP/1.1
Date: Tue, 20 Dec 2018 11:20:10 GMT
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Authorization: OSS qn6q**************:77Dv****************

Sample response

The following response indicates that SSE-KMS is configured for the bucket.

HTTP/1.1 204 NoContent
x-oss-request-id: 5C1B138A109F4E405B2D8AEF
Date: Tue, 20 Dec 2018 11:22:05 GMT
<? xml version="1.0" encoding="UTF-8"? >
<ServerSideEncryptionRule>
  <ApplyServerSideEncryptionByDefault>
    <SSEAlgorithm>KMS</SSEAlgorithm>
    <KMSMasterKeyID>9468da86-3509-4f8d-a61e-6eab1eac****</KMSMasterKeyID>
  </ApplyServerSideEncryptionByDefault>
</ServerSideEncryptionRule>

SDK

You can use OSS SDKs for the following programming languages to call GetBucketEncryption:

ossutil

For information about the ossutil command that corresponds to the GetBucketEncryption operation, see get-bucket-encryption.

Errors codes

Error code	HTTP status code	Description

Error code	HTTP status code	Description
AccessDenied	403	The error message returned because you do not have permissions to query the encryption rules configured for the bucket.
NoSuchBucket	400	The error message returned because the bucket whose encryption rules you want to query does not exist.
NoSuchServerSideEncryptionRule	400	The error message returned because the no encryption rules are configured for the bucket.

Feedback

Previous: PutBucketEncryptionNext: DeleteBucketEncryption

On this page （1）

Notes

Request structure

Request headers

Response headers

Response elements

Examples

SDK

ossutil

Errors codes

Chat now with Alibaba Cloud Customer Service to assist you in finding the right products and services to meet your needs.

Notes

Request structure

Request headers

Response headers

Response elements

Examples

SDK

ossutil

Errors codes

Sales Support

Technical Support

Connect & Report Abuse

About Alibaba Cloud

Our Global Network

Quick Start

Global Offices

Olympic Games Paris 2024 New

Stade Roland Garros – Glitz from the Past New

Place de la Concorde – “Breaking” the Barriers New

Vaires-sur-Marne Nautical Stadium – Sports with Sustainability New

International Broadcast Center – Images, Sounds, and Data that Captivate Billions New

Customer Success Stories New

Trust Center

Security & Compliance Center

Cloud Compliance Resources

Security Compliance FAQs

Product & Feature Update New

Cloud Forward

Press Room

Alibaba Cloud e-Magazine New

Alibaba Cloud in Analyst Research

Notice

Go Global Service New

Go Global Alliance with Alibaba Cloud

Asia Accelerator Hot

Information Compliance

China Gateway - MLPS 2.0 Compliance New

China Gateway - Networking

China Gateway - Global Application Acceleration New

China Gateway - Security

China Gateway - Data Security New

ICP Support Hot

China Gateway - Omnichannel Data Mid-End New

China Gateway - Organizational Data Mid-End New

China Gateway - Business Mid-End New

China Gateway - AI Service for Conversational Chatbots New

China Gateway - Online Education

China Gateway - Domain Registration

Work at Alibaba Cloud

Experienced Professionals

Students and Graduates

Free Trial

Pricing

Promo Center

Price Reduction

Pay Less and Deploy More

FinOps

Elastic Compute Service (ECS)

Simple Application Server (SAS)

Elastic GPU Service

Elastic Desktop Service (EDS)

Object Storage Service (OSS)

Cloud Enterprise Network (CEN)

Web Application Firewall (WAF)

Domain Names

Container Compute Service (ACS)

Secure Access Service Edge (SASE)

Intelligent Media Services(IMS)

Edge Security Acceleration (ESA)(Original DCDN)

Intelligent Media Management

DingTalk Enterprise

YiDA

Alibaba Cloud Model Studio

Apsara Prime - For Easy Cloud Product Selection

Alibaba Cloud ECS - Cater All Your Cloud Hosting Needs

1TB CDN—Get Free 1 TB Outbound Traffic Plan Now

Security—Under Attack? Get Free Security Support

Short Message Service - Free Testing is Available

Elastic Compute Service (ECS) Hot

CloudBox

Compute Nest

Dedicated Host Hot

ECS Bare Metal Instance

Elastic GPU Service Featured

Simple Application Server (SAS) Hot

Auto Scaling

Cloud Phone Beta

Elastic Desktop Service (EDS) Featured

Batch Compute

Elastic High Performance Computing (E-HPC)

Super Computing Cluster (SCC)

Function Compute (FC)