Configuring stored object encryption

When stored objects are encrypted, data cannot be retrieved in a readable form if an object store is compromised. By default, objects are not encrypted.

Before you begin

About this task

Stored object encryption enables the encryption of all object data as it is ingested through S3 or Swift. When you enable the setting, all newly ingested objects are encrypted but no change is made to existing stored objects. If you disable encryption, currently encrypted objects remain encrypted but newly ingested objects are not encrypted.

Note: If you change this setting, it will take about one minute for the new setting to be applied. The configured value is cached for performance and scaling.

Objects can be encrypted using the AES-128 or AES-256 encryption algorithm.

For S3 objects, the Stored Object Encryption setting can be overridden by the x-amz-server-side-encryption header. If you use the x-amz-server-side-encryption header, you must specify the AES-256 encryption algorithm in the request.


  1. Select Configuration > Grid Options.
  2. From the Grid Options menu, select Configuration.
  3. Change Stored Object Encryption to Disabled, AES-256, or AES-128.
  4. Click Apply Changes.
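
The rules under "About this task" mean that changing the setting leaves a mixed population of objects behind. The following audit sketch is an added example, not part of the product or its documentation: it replays a history of setting changes over an object inventory and reports which objects are, or may be, stored unencrypted. The record layouts, the 60-second cache window, the function names and the sample data are assumptions made for illustration.

```python
from bisect import bisect_right

CACHE_DELAY_S = 60  # assumption: "about one minute" from the note above

def possible_algorithms(changes, ingest_ts, protocol, sse_header=None):
    """Return the set of settings that may have applied to one ingest.

    changes: time-sorted [(unix_ts, setting)], setting in
    {"Disabled", "AES-128", "AES-256"}; the first entry is the initial state.
    """
    # The S3 header overrides the grid-wide setting and must request AES-256
    # ("AES256" is the value the S3 API uses for that algorithm).
    if protocol == "s3" and sse_header is not None:
        if sse_header != "AES256":
            raise ValueError("header must request AES-256")
        return {"AES-256"}
    idx = bisect_right([ts for ts, _ in changes], ingest_ts) - 1
    if idx < 0:
        raise ValueError("ingest predates the first recorded setting")
    changed_at, setting = changes[idx]
    possible = {setting}
    # Within the cache window the previous value may still have been in force.
    if idx > 0 and ingest_ts - changed_at < CACHE_DELAY_S:
        possible.add(changes[idx - 1][1])
    return possible

def audit(changes, objects):
    """Return [(name, finding)] for objects that are or may be unencrypted."""
    findings = []
    for name, ingest_ts, protocol, sse_header in objects:
        possible = possible_algorithms(changes, ingest_ts, protocol, sse_header)
        if possible == {"Disabled"}:
            findings.append((name, "unencrypted"))
        elif "Disabled" in possible:
            findings.append((name, "possibly unencrypted (cache window)"))
    return findings

# Constructed sample data: setting history and an object inventory.
CHANGES = [(0, "Disabled"), (1000, "AES-256"), (5000, "Disabled")]
OBJECTS = [
    ("a", 500, "s3", None), ("b", 500, "s3", "AES256"),
    ("c", 1030, "swift", None), ("d", 2000, "swift", None),
    ("e", 5010, "s3", None), ("f", 6000, "s3", None),
]

if __name__ == "__main__":
    for name, finding in audit(CHANGES, OBJECTS):
        print(name, finding)
```

Objects reported as unencrypted keep that state until they are ingested again, because changing the setting does not rewrite existing stored objects.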