Configuring stored object encryption

Stored object encryption enables the encryption of stored object data so that if an object store is compromised data cannot be retrieved in a readable form. By default, objects are not encrypted.

Before you begin

About this task

Objects can also be encrypted using the AES‐128 or AES‐256 encryption algorithm. Stored object encryption enables the encryption of all object data ingested through S3 or Swift. If disabled, currently encrypted objects remain encrypted. For S3 objects, the Stored Object Encryption setting can be overridden by the x-amz-server-side-encryption header. If you use the x-amz-server-side-encryption header, you must specify the AES-256 encryption algorithm in the request.

Note: If you change this setting, it may take a short period of time for the new setting to be applied. The configured value is cached for performance and scaling. If you want to ensure that the new setting is applied immediately, you need to restart the StorageGRID Webscale system.


  1. Select Configuration > Grid Options.
  2. From the Grid Options menu, select Configuration.
  3. Change Stored Object Encryption to Disabled, AES-256, or AES-128.
    Stored Object Encryption
  4. Click Apply Changes.