Help Center/ Object Storage Service/ API Reference/ APIs/ Advanced Bucket Settings/ Obtaining Bucket Encryption Configuration
Updated on 2025-08-22 GMT+08:00

Obtaining Bucket Encryption Configuration

Functions

OBS uses the GET method to obtain the encryption configuration of a specified bucket.

To perform this operation, you must have the GetEncryptionConfiguration permission. By default, only the bucket owner can delete the tags of a bucket. The bucket owner can allow other users to perform this operation by setting a bucket policy or granting them the permission.

For more information about permission control, see the permission control in the OBS Permission Configuration Guide.

Request Syntax

1
2
3
4
5
6
GET /?encryption  HTTP/1.1
User-Agent: curl/7.29.0
Host: bucketname.obs.region.myhuaweicloud.com 
Accept: */*
Date: date 
Authorization: authorization string

Request parameters

This request contains no message parameters.

Request Headers

This request uses common headers. For details, see Table 3.

Request Elements

This request involves no elements.

Response Syntax

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
HTTP/1.1 status_code
x-obs-request-id: request id 
x-obs-id-2: id  
Content-Type: application/xml 
Content-Length: length 
Date: date 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/"> 
    <Rule>
        <ApplyServerSideEncryptionByDefault>
            <SSEAlgorithm>kms</SSEAlgorithm>
            <KMSMasterKeyID>kmskeyid-value</KMSMasterKeyID>
            <ProjectID>projectid</ProjectID>
        </ApplyServerSideEncryptionByDefault>
    </Rule>
</ServerSideEncryptionConfiguration>

Response Headers

The response to the request uses common headers. For details, see Table 1.

Response Elements

This response contains the following elements to detail bucket encryption configuration:

Table 1 Configuration elements of bucket encryption

Parameter

Type

Description

ServerSideEncryptionConfiguration

Container

Definition:

Root element of the default bucket encryption configuration. ServerSideEncryptionConfiguration is the parent node of Rule.

Range:

None

Rule

Container

Definition:

Child element of the default bucket encryption configuration. Rule is the parent node of ApplyServerSideEncryptionByDefault.

Range:

For details, see Rule parameters.

Table 2 Rule parameter description

Parameter

Type

Description

ApplyServerSideEncryptionByDefault

Container

Definition:

The child element of the default bucket encryption configuration.

Range:

For details, see Table 3.

Table 3 ApplyServerSideEncryptionByDefault parameters

Parameter

Type

Description

SSEAlgorithm

String

Definition:

Server-side encryption algorithm used for the default encryption configuration of a bucket.

Range:

  • kms: SSE-KMS encryption and the AES256 algorithm are used.
  • AES256: SSE-OBS encryption and the AES256 algorithm are used.

KMSMasterKeyID

String

Definition:

KMS master key ID used in SSE-KMS encryption.

Range:

  • regionID:domainID:key/key_id
  • key_id

In the preceding formats:

ProjectID

String

Definition:

ID of the project where the KMS master key belongs when SSE-KMS is used.

Range:

Project ID that matches KMSMasterKeyID, that is, the ID of the project to which the master key with the specified KMSMasterKeyID belongs

Error Responses

In addition to common error codes, this API also returns others. The following table lists common errors and possible causes. For details, see Table 4.

Table 4 Error codes related to getting bucket encryption configuration

Error Code

Description

HTTP Status Code

NoSuchEncryptionConfiguration

The specified bucket does not have any encryption configurations

404 Not Found

Sample Request

1
2
3
4
5
6
GET /?encryption HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.myhuaweicloud.com
Accept: */*
Date:  Thu, 21 Feb 2019 03:05:34 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:DpSAlmLX/BTdjxU5HOEwflhM0WI=

Sample Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF26000001643670AC06E7B9A7767921
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSvK6z8HV6nrJh49gsB5vqzpgtohkiFm
Date: Thu, 21 Feb 2019 03:05:34 GMT
Content-Length: 788

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/"> 
    <Rule>
        <ApplyServerSideEncryptionByDefault>
            <SSEAlgorithm>kms</SSEAlgorithm>
            <KMSMasterKeyID>4f1cd4de-ab64-4807-920a-47fc42e7f0d0</KMSMasterKeyID>
        </ApplyServerSideEncryptionByDefault>
    </Rule>
</ServerSideEncryptionConfiguration>