AWS Data File Encryption

Snowflake supports either client-side encryption or server-side encryption to decrypt files staged in S3 buckets.

  • Client-side encryption:

    • AWS_CSE: Requires a MASTER_KEY value.

  • Server-side encryption:

    • AWS_SSE_S3: Requires no additional encryption settings.

    • AWS_SSE_KMS: Accepts an optional KMS_KEY_ID value.

For more information about the encryption types, see the AWS documentation for client-side encryption or server-side encryption.

Note that using AWS Key Management Service (KMS) to manage keys requires IAM policy configuration. For information, see the KMS documentation.

Next: Creating an S3 Stage