Skip to main content

Object Storage Data Encryption (SSE-C)

Server-Side Encryption with Customer-Provided Keys (SSE-C)

Server-Side Encryption with Customer-Provided Keys (SSE-C) is a feature in FPT Object Storage that helps enhance the security of your data by using encryption keys provided by the customer. Below is how it works and the important points of this feature:

How SSE-C Works

  1. Uploading Data:
    • When you upload an object, you need to provide the encryption key along with the data.
    • FPT Object Storage uses this encryption key to encrypt the data before storing it.
    • After encryption is complete, the encryption key is destroyed and not stored on the system.
  2. Downloading Data:
    • When you download data, you need to provide the encryption key that you used to encrypt the data originally.
    • FPT Object Storage uses this key to decrypt the data and return it to you.

Important Points

  • Key Management:
    • You are fully responsible for managing your encryption keys.
    • FPT Object Storage does not store your encryption keys. If you lose your encryption key, you will not be able to access the data encrypted with that key.
  • Security:
    • SSE-C provides an additional layer of data protection, which is especially useful for organizations that require compliance with strict security regulations.
    • Customers have full control over access to critical objects through encryption key management.
  • Usage:
    • When using SSE-C, you need to create, store, and protect your encryption keys yourself.
    • Make sure you have appropriate security procedures in place to manage and protect these encryption keys.

SSE-C is an effective method for protecting sensitive data in FPT Object Storage, providing customers with maximum control over access and security of their data.

Last updated on by Dang Tran