EOS Encryption
E2E Networks Object Storage (EOS) Encryption enhances data security by encrypting objects within your storage buckets. This ensures that sensitive files and information remain protected from unauthorized access or data breaches, even if the underlying storage infrastructure is compromised.
Object storage encryption is applied transparently, allowing users to upload, retrieve, and manage files as usual, while all data remains encrypted behind the scenes. This feature is crucial for organizations handling regulated or confidential information, helping to meet compliance requirements and support cloud data protection strategies.
Currently, E2E Managed Encryption is available only in the Delhi region.
How E2E Managed EOS Encryption Works?
- E2E Managed EOS Encryption is enabled at the bucket level. When creating a new bucket, users can enable encryption by toggling the "Enable Encryption" option.
- EOS uses server-side encryption (SSE), where the system handles key management and encryption operations automatically. Users do not need to manually manage keys or configure encryption mechanisms.
- All files (objects) uploaded to an encrypted bucket are automatically encrypted. Similarly, when these files are retrieved, they are seamlessly decrypted in transit, ensuring a smooth and secure user experience.
- Encrypted buckets and their contents can still leverage EOS features like versioning, lifecycle policies, replication, and access control mechanisms without limitations.
E2E Managed Encryption must be enabled at the time of bucket creation. Once a bucket has been created without encryption, encryption cannot be enabled on it. To encrypt an existing dataset, create a new encrypted bucket and migrate the data to it manually.
How E2E Managed Encryption Affects Object Uploads and Downloads?
- Uploads to an encrypted bucket are automatically encrypted server-side; no extra action is required from the user.
- Downloads from an encrypted bucket are automatically decrypted by the EOS backend before being delivered to the user.
- Encryption is transparent and does not affect API interactions, access control policies, or object metadata.
E2E Managed Encryption and Object Versioning
- When object versioning is enabled on an encrypted bucket, each version of an object is encrypted independently.
- Deleting or restoring versions retains encryption properties; there is no exposure of unencrypted data at any point.
- Version history maintains the encrypted state, providing full traceability and protection across all object changes.
Currently, replication rules cannot be applied to encrypted buckets. Support for this will be added in the future.