Enabling Server-Side Encryption on B2 Cloud Storage Enabling Server-Side Encryption on B2 Cloud Storage

Enabling Server-Side Encryption on B2 Cloud Storage

Lin Lin

Server-side encryption protects your data by encrypting it before it is stored on disk by Backblaze B2 Cloud Storage. Files that are encrypted using server-side encryption (SSE) may be accessed using the same API calls as other B2 files (using either our B2 Native API or the S3 Compatible API).


Additionally, SSE may be enabled on a bucket in the web application. Please review the screen captures below that display how the web application supports SSE.

Enabling Encryption from the Web Application

SSE-B2 may be enabled on a bucket either when creating a new bucket


or on an existing bucket via Bucket Settings (click Bucket Settings from the Bucket card)




  • By default, SSE-B2 is disabled for a new bucket.
  • Once SSE-B2 is enabled for a bucket, all uploads from the time encryption is enabled will then be encrypted with SSE-B2 by default, unless you explicitly specify SSE-C encryption for a given file at upload time. Existing files in the bucket are not affected by default bucket encryption settings.


To verify whether a file is encrypted, open a bucket and view the list of files. Files with the lock icon to the left of the filename indicate that the file is encrypted. Those files encrypted with SSE-C are indicated by the lock icon and a “c”.


Whether a file is encrypted (SSE-B2 or SSE-C) may also be determined by viewing the File Details modal (click the information icon on the Browse Files page).