scaleway · SamyOubouaziz · Feb 3, 2026
@@ -1,5 +1,5 @@
 ---
-title: Enabling server-side encryption (SSE-C)
+title: Enabling server-side encryption with customer-provided keys (SSE-C)
 description: Enable server-side encryption with customer-provided keys (SSE-C) in Scaleway.
 tags: object storage server side encryption sse sse-c cli s3
 dates:
@@ -12,7 +12,7 @@ import Requirements from '@macros/iam/requirements.mdx'
 **S**erver-**S**ide **E**ncryption with **C**ustomer-provided keys (SSE-C) is an encryption method provided by Scaleway Object Storage to protect your data at rest. It allows you to supply your own encryption keys to encrypt data when it is uploaded, and to decrypt data when accessed.
 
 <Message type="note">
-Currently, Scaleway does not support other types of server-side encryption methods, such as SSE-KMS, or SSE-S3.
+Scaleway also supports SSE-SCW. Refer to the [dedicated documentation](/object-storage/api-cli/enable-sse-scw/) for more information.
 </Message>
 
 ## SSE-C overview

@@ -0,0 +1,72 @@
+---
+title: Enabling server-side encryption with object native encryption (SSE-ONE)
+description: Enable server-side encryption with object native encryption (SSE-ONE) for Scaleway Object Storage.
+tags: object storage server side encryption sse one cli scaleway managed keys
+dates:
+  validation: 2026-02-03
+  posted: 2026-02-03
+---
+import Requirements from '@macros/iam/requirements.mdx'
+
+**S**erver-**S**ide **E**ncryption with **O**bject **N**ative **E**ncryption (SSE-S3) is an encryption method provided by Scaleway Object Storage to protect your data at rest. It allows you to encrypt data when it is uploaded, and to decrypt data when accessed, with Scaleway managing encryption keys (AES-256).
+
+By default, SSE-ONE is applied per-upload, meaning that you must specify the encryption parameter for each PutObject operation. However, you can enable SSE-ONE on a bucket, so that each object uploaded is automatically encrypted at rest with an individual encryption key. Scaleway manages the creation, lifecycle, and deletion of encryption keys.
+
+Scaleway SSE-ONE behaves similarly to Server Side Encryption with Amazon S3 managed keys (SSE-S3).
+
+<Message type="note">
+Scaleway also supports SSE-C. Refer to the [dedicated documentation](/object-storage/api-cli/enable-sse-c/) for more information.
+</Message>
+
+<Requirements />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- An [Object Storage bucket](/object-storage/how-to/create-a-bucket/)
+- Installed and initialized the [AWS CLI](/object-storage/api-cli/object-storage-aws-cli/)
+
+## Enabling SSE-ONE on an existing bucket
+
+You can enable SSE-ONE on existing buckets. Objects uploaded **after** enabling SSE-ONE are automatically encrypted. However, objects existing in the bucket before enabling SSE-ONE will not be encrypted, as encryption occurs during object upload.
+
+1. In a terminal, run the command below to enable SSE-ONE on the target bucket. Make sure to replace `<your-bucket-name>` with the correct value. 
+
+    ```bash
+    aws s3api put-bucket-encryption \
+    --bucket <your-bucket-name> \
+    --server-side-encryption-configuration '{
+        "Rules": [
+            {
+                "ApplyServerSideEncryptionByDefault": {
+                    "SSEAlgorithm": "AES256"
+                }
+            }
+        ]
+      }'
+    ```
+
+2. run the command below to make sure the encryption was properly applied. Make sure to replace `<your-bucket-name>` with the correct value. 
+
+    ```bash
+    aws s3api get-bucket-encryption --bucket <your-bucket-name>
+    ```
+
+    An output similar to the following displays:
+
+    ```json
+    {
+      "ServerSideEncryptionConfiguration": {
+        "Rules": [
+          {
+            "ApplyServerSideEncryptionByDefault": {
+              "SSEAlgorithm": "AES256"
+            },
+            "BucketKeyEnabled": false
+          }
+        ]
+      }
+    }
+    ```
+
+SSE-ONE is enabled on your bucket. Each object uploaded from now on will be automatically encrypted using AES-256 keys managed by Scaleway.
+
@@ -141,6 +141,10 @@ export const objectStorageMenu = {
           label: 'Enabling SSE-C',
           slug: 'enable-sse-c',
         },
+        {
+          label: 'Enabling SSE-SCW',
+          slug: 'enable-sse-scw',
+        },
         {
           label: 'Setting CORS rules',
           slug: 'setting-cors-rules',