By default, VMware Cloud Director Object Storage Extension does not enforce any bucket-level encryption. You can define an encryption method at the bucket level.

If both server-side encryption and bucket encryption are configured, the bucket encryption configuration takes precedence.

If you enforce an object-level encryption through the VMware Cloud Director Object Storage Extension API, the object-level encryption takes precedence over the bucket encryption configuration.

Prerequisites

Verify that you have the required set of rights to edit the bucket encryption configuration.
  • If you are an organization administrator, you can edit the bucket encryption configuration for the buckets that users in your organization own.
  • If you are an organization user, you can edit the bucket encryption configuration for the buckets that you own.

Procedure

  1. Log in to the VMware Cloud Director tenant portal.
  2. From the More drop-down menu, select Object Storage.
  3. In the Buckets pane, click the name of the bucket that you want to edit.
  4. On the VMware Cloud Director Object Storage ExtensionProperties tab, click Edit in the Encryption card.
  5. Select the encryption method for the bucket.
    Option Description
    Encryption Method Description
    SSE-S3 A server-side encryption method that uses an AES-256 algorithm. An S3 server manages the primary keys.
    None By default, VMware Cloud Director Object Storage Extension does not enforce bucket-level encryption.
  6. Select the check box and click Save.