All Products
Search

This Product

    Object Storage Service:put-bucket-encryption

    Document Center

    Object Storage Service:put-bucket-encryption

    Last Updated:Dec 05, 2025

    Configures encryption rules for a bucket.

    Usage notes

    By default, an Alibaba Cloud account has the permission to configure encryption rules for a bucket. To add or modify rules as a Resource Access Management (RAM) user or using Security Token Service (STS), you must have the oss:PutBucketEncryption permission. For more information, see Attach a custom policy to a RAM user.

    Command syntax

    ossutil api put-bucket-encryption --bucket value --server-side-encryption-rule value [flags]

    Parameter

    Type

    Description

    --bucket

    string

    The bucket name.

    --server-side-encryption-rule

    string

    The container for server-side encryption rules.

    Note

    The put-bucket-encryption command corresponds to the PutBucketEncryption operation. For more information about the parameters in the PutBucketEncryption operation, see PutBucketEncryption.

    --server-side-encryption-rule

    The --server-side-encryption-rule configuration option supports both the XML and JSON format. If the value of the option contains the file:// prefix, the configuration is read from a file.

    • XML format:

      <ServerSideEncryptionRule>
  <ApplyServerSideEncryptionByDefault>
    <SSEAlgorithm>string</SSEAlgorithm>
    <KMSMasterKeyID>string</KMSMasterKeyID>
    <KMSDataEncryption>string</KMSDataEncryption>
  </ApplyServerSideEncryptionByDefault>
</ServerSideEncryptionRule>

    • JSON format:

      {
  "ApplyServerSideEncryptionByDefault": {
    "SSEAlgorithm": "string",
    "KMSMasterKeyID": "string",
    "KMSDataEncryption": "string"
  }
}
    Note

    For more information about supported global command-line options, see Global command-line options.

    Examples

    The following examples show how to set the server-side encryption method for the examplebucket bucket to AES256.

    • Add the following script to an XML configuration file named server-side-encryption-rule.xml:

      <?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionRule>
  <ApplyServerSideEncryptionByDefault>
    <SSEAlgorithm>AES256</SSEAlgorithm>
    <KMSMasterKeyID></KMSMasterKeyID>
  </ApplyServerSideEncryptionByDefault>
</ServerSideEncryptionRule>

    Sample command:

    ossutil api put-bucket-encryption --bucket examplebucket --server-side-encryption-rule file://server-side-encryption-rule.xml

    • Add the following script to a JSON configuration file named server-side-encryption-rule.json:

      {
  "ApplyServerSideEncryptionByDefault": {
    "SSEAlgorithm": "AES256"
  }
}

      Sample command:

      ossutil api put-bucket-encryption --bucket examplebucket --server-side-encryption-rule file://server-side-encryption-rule.json

    • Configure parameters in the following command in the JSON format:

      ossutil api put-bucket-encryption --bucket examplebucket --server-side-encryption-rule "{\"ApplyServerSideEncryptionByDefault\":{\"SSEAlgorithm\":\"AES256\"}}"