Products: Managed Backup (Web), Microsoft 365 / Google Workspace Backup
Article ID: kb00362Last Modified: 24-Apr-2026

How to Work with SSE-C for Amazon S3

Overview

Amazon S3 disables the use of SSE-C encryption by default for all new buckets starting in April 2026.

Server-Side Encryption with Customer-Provided Keys (SSE-C) is an encryption method in Amazon Amazon S3 that allows you to manage your own encryption keys when storing data. With SSE-C, the encryption key is provided with each request and is not stored by Amazon S3.

What is SSE-C and When Is It Needed

SSE-C is used when you want full control over encryption keys and do not want them stored or managed by the storage provider. This approach may be required for specific security or compliance policies.

Configuration Requirement for M365 / Google Backup

To properly create a bucket for Microsoft 365 or Google Workspace backups, ensure the following:

  • The Blocked encryption types: SSE-C option is unchecked.

If this option is enabled, the bucket may not be configured correctly for backup operations. Clear the Blocked encryption types: SSE-C checkbox.

https://git.cloudberrylab.com/egor.m/doc-help-kb.git
Production