Enabling server-side encryption with object native encryption (SSE-ONE) using the Scaleway console
This page explains how to use SSE-ONE with the Scaleway console. To use it with the AWS CLI, refer to the dedicated documentation.
Server-Side Encryption with Object Native Encryption (SSE-ONE) is an encryption method provided by Scaleway Object Storage to protect your data at rest. It allows you to encrypt data when it is uploaded, and decrypt it when accessed, with Scaleway managing encryption keys (AES-256).
By default, SSE-ONE is applied per-upload, meaning that you must specify the encryption parameter for each PutObject operation. However, you can enable SSE-ONE on a bucket, so that each object uploaded is automatically encrypted at rest with an individual encryption key. Scaleway manages the creation, lifecycle, and deletion of encryption keys.
Scaleway SSE-ONE behaves similarly to Server Side Encryption with Amazon S3 managed keys (SSE-S3).
Before you start
To complete the actions presented below, you must have:
- A Scaleway account logged into the console
- Owner status or IAM permissions allowing you to perform actions in the intended Organization
- An Object Storage bucket (optional)
How to enable SSE-ONE during bucket creation
When you create a new Object Storage bucket, you can enable SSE-ONE using the toggle under Bucket encryption.
Objects pushed to this bucket will be automatically encrypted at rest with keys managed by Scaleway.
How to enable SSE-ONE on an existing bucket
- Click Object Storage in the Storage section of the side menu. The list of your buckets displays.
- Click the name of the desired bucket. The Overview tab displays.
- Select the Settings tab.
- Click Edit encryption mode, under Bucket encryption. A pop-up displays.
- Click the toggle to enable SSE-ONE, then click Edit to confirm.
New objects uploaded to this bucket will be automatically encrypted at rest with keys managed by Scaleway.
How to disable SSE-ONE on an existing bucket
- Click Object Storage in the Storage section of the side menu. The list of your buckets displays.
- Click the name of the desired bucket. The Overview tab displays.
- Select the Settings tab.
- Click Edit encryption mode, under Bucket encryption. A pop-up displays.
- Click the toggle to disable SSE-ONE, then click Edit to confirm.
New objects uploaded to this bucket will not be encrypted. However, objects uploaded while SSE-ONE was enabled will remain encrypted.
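Because toggling bucket encryption only affects new uploads, a bucket can end up holding a mix of encrypted and unencrypted objects. The following added example (not part of the Scaleway documentation) lists which keys fall into each group. It assumes an SSE-ONE object reports `ServerSideEncryption: AES256` on a HeadObject call, as SSE-S3 does; `audit_encryption`, `FakeClient` and `SAMPLE` are hypothetical names, and the sample data is constructed so the block runs offline.

```python
def audit_encryption(client, bucket):
    """Return (encrypted, unencrypted) lists of object keys in `bucket`.

    `client` is any S3-compatible client exposing boto3's get_paginator()
    and head_object(). Assumption: an SSE-ONE object reports
    ServerSideEncryption == "AES256", as an SSE-S3 object does.
    """
    encrypted, unencrypted = [], []
    paginator = client.get_paginator("list_objects_v2")
    for page in paginator.paginate(Bucket=bucket):
        for obj in page.get("Contents", []):  # key is absent on an empty page
            head = client.head_object(Bucket=bucket, Key=obj["Key"])
            if head.get("ServerSideEncryption") == "AES256":
                encrypted.append(obj["Key"])
            else:
                unencrypted.append(obj["Key"])
    return encrypted, unencrypted


class FakeClient:
    """Constructed offline stand-in for a boto3 S3 client (sample data only)."""

    def __init__(self, objects, page_size=2):
        self.objects = objects      # key -> head_object-style response dict
        self.page_size = page_size  # small pages to exercise pagination

    def get_paginator(self, name):
        return self

    def paginate(self, Bucket):
        keys = sorted(self.objects)
        for i in range(0, len(keys), self.page_size):
            yield {"Contents": [{"Key": k} for k in keys[i:i + self.page_size]]}

    def head_object(self, Bucket, Key):
        return self.objects[Key]


# Constructed sample: two objects uploaded while bucket encryption was enabled,
# one uploaded after it was disabled.
SAMPLE = {
    "a/2024-report.pdf": {"ServerSideEncryption": "AES256"},
    "b/backup.tar": {"ServerSideEncryption": "AES256"},
    "c/after-disable.log": {},
}

if __name__ == "__main__":
    enc, plain = audit_encryption(FakeClient(SAMPLE), "my-bucket")
    print("encrypted:", enc, "| not encrypted:", plain)
```

To run it against a real bucket, pass a boto3 S3 client configured for your Scaleway Object Storage endpoint in place of `FakeClient`.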