# Use `PutBucketEncryption` with an AWS SDK The following code example shows how to use `PutBucketEncryption`. ------ #### [ Java ] **SDK for Java 2.x** There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/s3/src/main/java/com/example/s3/directorybucket#code-examples). Set bucket encryption to a directory bucket. ``` import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.kms.KmsClient; import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.PutBucketEncryptionRequest; import software.amazon.awssdk.services.s3.model.S3Exception; import software.amazon.awssdk.services.s3.model.ServerSideEncryption; import software.amazon.awssdk.services.s3.model.ServerSideEncryptionByDefault; import software.amazon.awssdk.services.s3.model.ServerSideEncryptionConfiguration; import software.amazon.awssdk.services.s3.model.ServerSideEncryptionRule; import static com.example.s3.util.S3DirectoryBucketUtils.createDirectoryBucket; import static com.example.s3.util.S3DirectoryBucketUtils.createKmsClient; import static com.example.s3.util.S3DirectoryBucketUtils.createKmsKey; import static com.example.s3.util.S3DirectoryBucketUtils.deleteDirectoryBucket; import static com.example.s3.util.S3DirectoryBucketUtils.scheduleKeyDeletion; /** * Sets the default encryption configuration for an S3 bucket as SSE-KMS. * * @param s3Client The S3 client used to interact with S3 * @param bucketName The name of the directory bucket * @param kmsKeyId The ID of the customer-managed KMS key */ public static void putDirectoryBucketEncryption(S3Client s3Client, String bucketName, String kmsKeyId) { // Define the default encryption configuration to use SSE-KMS. For directory // buckets, AWS managed KMS keys aren't supported. Only customer-managed keys // are supported. ServerSideEncryptionByDefault encryptionByDefault = ServerSideEncryptionByDefault.builder() .sseAlgorithm(ServerSideEncryption.AWS_KMS) .kmsMasterKeyID(kmsKeyId) .build(); // Create a server-side encryption rule to apply the default encryption // configuration. For directory buckets, the bucketKeyEnabled field is enforced // to be true. ServerSideEncryptionRule rule = ServerSideEncryptionRule.builder() .bucketKeyEnabled(true) .applyServerSideEncryptionByDefault(encryptionByDefault) .build(); // Create the server-side encryption configuration for the bucket ServerSideEncryptionConfiguration encryptionConfiguration = ServerSideEncryptionConfiguration.builder() .rules(rule) .build(); // Create the PutBucketEncryption request PutBucketEncryptionRequest putRequest = PutBucketEncryptionRequest.builder() .bucket(bucketName) .serverSideEncryptionConfiguration(encryptionConfiguration) .build(); // Set the bucket encryption try { s3Client.putBucketEncryption(putRequest); logger.info("SSE-KMS Bucket encryption configuration set for the directory bucket: {}", bucketName); } catch (S3Exception e) { logger.error("Failed to set bucket encryption: {} - Error code: {}", e.awsErrorDetails().errorMessage(), e.awsErrorDetails().errorCode()); throw e; } } ``` + For API details, see [PutBucketEncryption](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketEncryption) in *AWS SDK for Java 2.x API Reference*. ------ For a complete list of AWS SDK developer guides and code examples, see [Developing with Amazon S3 using the AWS SDKs](sdk-general-information-section.md). This topic also includes information about getting started and details about previous SDK versions.