From 57e838e335cb6a16750c7884975d94857925e38d Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Wed, 27 Aug 2025 18:01:36 +0200 Subject: [PATCH 1/9] docs(obj): add compliant bucket creation how to MTA-6389 --- menu/navigation.json | 4 ++++ .../how-to/create-compliant-bucket.mdx | 24 +++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 pages/object-storage/how-to/create-compliant-bucket.mdx diff --git a/menu/navigation.json b/menu/navigation.json index a83d0a2d6d..296c0ff1c4 100644 --- a/menu/navigation.json +++ b/menu/navigation.json @@ -5234,6 +5234,10 @@ "label": "Manage lifecycle rules", "slug": "manage-lifecycle-rules" }, + { + "label":"Create a compliant bucket", + "slug":"create-compliant-bucket" + }, { "label": "View and abort incomplete multipart uploads", "slug": "abort-incomplete-mpu" diff --git a/pages/object-storage/how-to/create-compliant-bucket.mdx b/pages/object-storage/how-to/create-compliant-bucket.mdx new file mode 100644 index 0000000000..3a6f148719 --- /dev/null +++ b/pages/object-storage/how-to/create-compliant-bucket.mdx @@ -0,0 +1,24 @@ +--- +title: How to create a compliant bucket +description: This page details the steps to follow to create a compliant bucket using Scaleway Object Storage +tags: +dates: + validation: 2025-08-27 + posted: 2025-08-27 +--- + +It is crucial to follow the recommendations outlined in the shared responsibility model when hosting health data to ensure compliance with legal and regulatory requirements, such as data protection laws and industry standards. + +Adhering to these guidelines helps safeguard sensitive information against unauthorized access, breaches, and data loss, while also clarifying the roles and responsibilities between the cloud provider and the customer. + +Follow the procedure below to create a compliant bucket. + +## Compliant bucket creation checklist + +Make sure that your bucket follows the requirements below: + +- Your bucket must be created in the **France - Paris** (`fr-par`) region. +- Lifecycle rules must be disabled +- Your objects within this bucket must not be stored using the **Glacier** storage class. +- You must use a valid encryption and deletion method (as explained above) +- You must follow the provided security best practices at all times \ No newline at end of file From a3bf1aadd53fff2b751e151d8240ae78db64a32f Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Thu, 28 Aug 2025 15:31:47 +0200 Subject: [PATCH 2/9] docs(obj): update --- .../how-to/create-compliant-bucket.mdx | 42 +++++++++++++++++-- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/pages/object-storage/how-to/create-compliant-bucket.mdx b/pages/object-storage/how-to/create-compliant-bucket.mdx index 3a6f148719..c690bdd289 100644 --- a/pages/object-storage/how-to/create-compliant-bucket.mdx +++ b/pages/object-storage/how-to/create-compliant-bucket.mdx @@ -6,19 +6,53 @@ dates: validation: 2025-08-27 posted: 2025-08-27 --- +import Requirements from '@macros/iam/requirements.mdx' -It is crucial to follow the recommendations outlined in the shared responsibility model when hosting health data to ensure compliance with legal and regulatory requirements, such as data protection laws and industry standards. +It is crucial to follow the recommendations outlined in the [shared responsibility model](/object-storage/reference-content/) when hosting health data to ensure compliance with legal and regulatory requirements, such as data protection laws and industry standards. Adhering to these guidelines helps safeguard sensitive information against unauthorized access, breaches, and data loss, while also clarifying the roles and responsibilities between the cloud provider and the customer. -Follow the procedure below to create a compliant bucket. + + +- A Scaleway account logged into the [console](https://console.scaleway.com) +- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization + +## How to create a compliant Object Storage bucket to host healthcare data + +Even though you can use an existing bucket to host healthcare data, we strongly recommend you create a dedicated bucket for this purpose. This is to make sure that no lifecycle rule exists, and that every object uploaded to this bucket is properly encrypted. + +1. Click **Object Storage** on the left side menu of the console. The Object Storage dashboard displays. +2. Click **+ Create bucket**. The bucket creation page displays. +3. Enter a name for your bucket. +4. Select the Paris region. +5. Set the bucket visibility to **Private**. + +6. Select a use case for your bucket. +7. Enable [bucket versioning](/object-storage/how-to/use-bucket-versioning/) if you want to store multiple versions of your objects (this may lead to higher storage costs). +8. Optionally, you can use the cost estimator to simulate your Object Storage costs. +10. Click **Create bucket** to confirm. A list of your buckets displays, showing the newly created bucket. + +## How to encrypt and push objects to your Bucket + +Objects in a compliant bucket must be encrypted to make sure data is protected. To achieve this, several options are available: + +- Scaleway's SSE-C (**S**erver-**S**ide **E**ncryption with **C**ustomer-provided keys) mechanism garantees that objects uploaded to the bucket are properly encrypted. + +- The `put-bucket-encryption` operation + ## Compliant bucket creation checklist Make sure that your bucket follows the requirements below: - Your bucket must be created in the **France - Paris** (`fr-par`) region. -- Lifecycle rules must be disabled +- Your bucket must not have active lifecycle rules - Your objects within this bucket must not be stored using the **Glacier** storage class. - You must use a valid encryption and deletion method (as explained above) -- You must follow the provided security best practices at all times \ No newline at end of file +- You must follow the provided security best practices at all times + +## Enforcing compliance using bucket policies + +To enforce compliance regarding the storage class and lifecycle rules, you can set up a bucket policy. Bucket policies deny any action that is not explicitly allowed in a statement, allowing for fine-grained permissions management. + +Refer to the [dedicated documentation](/object-storage/api-cli/bucket-policy/) for more information on bucket policies. From f012ab21893ee8c9b863eaa280f85c85c32d9d28 Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Thu, 28 Aug 2025 17:30:10 +0200 Subject: [PATCH 3/9] docs(obj): update --- .../how-to/create-compliant-bucket.mdx | 34 +++++++++++++++---- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/pages/object-storage/how-to/create-compliant-bucket.mdx b/pages/object-storage/how-to/create-compliant-bucket.mdx index c690bdd289..cdc84d87f5 100644 --- a/pages/object-storage/how-to/create-compliant-bucket.mdx +++ b/pages/object-storage/how-to/create-compliant-bucket.mdx @@ -22,24 +22,44 @@ Adhering to these guidelines helps safeguard sensitive information against unaut Even though you can use an existing bucket to host healthcare data, we strongly recommend you create a dedicated bucket for this purpose. This is to make sure that no lifecycle rule exists, and that every object uploaded to this bucket is properly encrypted. 1. Click **Object Storage** on the left side menu of the console. The Object Storage dashboard displays. + 2. Click **+ Create bucket**. The bucket creation page displays. -3. Enter a name for your bucket. -4. Select the Paris region. + +3. Enter a **name** for your bucket. + +4. Select the **Paris** region. + 5. Set the bucket visibility to **Private**. - -6. Select a use case for your bucket. + +6. Select a **use case** for your bucket. + 7. Enable [bucket versioning](/object-storage/how-to/use-bucket-versioning/) if you want to store multiple versions of your objects (this may lead to higher storage costs). + 8. Optionally, you can use the cost estimator to simulate your Object Storage costs. -10. Click **Create bucket** to confirm. A list of your buckets displays, showing the newly created bucket. -## How to encrypt and push objects to your Bucket +10. Click **Create bucket** to confirm. + +Your bucket is now ready to store healthcare data. Refer to the section below for information on how to encrypt your objects. + +## Compliant methods to encrypt objects Objects in a compliant bucket must be encrypted to make sure data is protected. To achieve this, several options are available: - Scaleway's SSE-C (**S**erver-**S**ide **E**ncryption with **C**ustomer-provided keys) mechanism garantees that objects uploaded to the bucket are properly encrypted. -- The `put-bucket-encryption` operation +- Customer-side encryption mechanisms to upload objects that are already encrypted. This method must be used in combination with [Scaleway's HDS-compliant deletion method](). + +## Compliant methods to delete objects + +### SSE-C + +If you use Scaleway's SSE-C to encrypt your data, using [DeleteObject](/object-storage/api-cli/object-operations/#deleteobject) is sufficient to garantee that your object is deleted in compliance with the regulatory requirements. + +### Customer-side encrpytion methods + +This mechanism is designed to handle compliant deletion of your data, and not its encryption. Make sure to use it in combination with a compliant encryption method, such as SSE-C or any other customer-side approach to upload your objects. + ## Compliant bucket creation checklist From 30cd8febf40fdbe3dda29ae5f951eb56156c36b4 Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Fri, 29 Aug 2025 15:16:20 +0200 Subject: [PATCH 4/9] docs(obj): update --- .../how-to/create-compliant-bucket.mdx | 56 ++++++++++++++----- 1 file changed, 41 insertions(+), 15 deletions(-) diff --git a/pages/object-storage/how-to/create-compliant-bucket.mdx b/pages/object-storage/how-to/create-compliant-bucket.mdx index cdc84d87f5..cdd62189fc 100644 --- a/pages/object-storage/how-to/create-compliant-bucket.mdx +++ b/pages/object-storage/how-to/create-compliant-bucket.mdx @@ -17,7 +17,7 @@ Adhering to these guidelines helps safeguard sensitive information against unaut - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization -## How to create a compliant Object Storage bucket to host healthcare data +## How to create a compliant bucket Even though you can use an existing bucket to host healthcare data, we strongly recommend you create a dedicated bucket for this purpose. This is to make sure that no lifecycle rule exists, and that every object uploaded to this bucket is properly encrypted. @@ -37,25 +37,45 @@ Even though you can use an existing bucket to host healthcare data, we strongly 8. Optionally, you can use the cost estimator to simulate your Object Storage costs. -10. Click **Create bucket** to confirm. +9. Click **Create bucket** to confirm. -Your bucket is now ready to store healthcare data. Refer to the section below for information on how to encrypt your objects. +Your bucket is now ready to store healthcare data. Before uploading objects, refer to the sections below for information on how to encrypt and delete your objects in compliance with regulations. -## Compliant methods to encrypt objects +## Prohibited actions on a compliant Bucket -Objects in a compliant bucket must be encrypted to make sure data is protected. To achieve this, several options are available: +to host healthcare data, you must comply to the following requirements: -- Scaleway's SSE-C (**S**erver-**S**ide **E**ncryption with **C**ustomer-provided keys) mechanism garantees that objects uploaded to the bucket are properly encrypted. +- You must not use the [Glacier](/object-storage/concepts/#storage-classes) storage class. Refer to the [Shared responsibility model]() for more information on this requirement. -- Customer-side encryption mechanisms to upload objects that are already encrypted. This method must be used in combination with [Scaleway's HDS-compliant deletion method](). +- You must not use [lifecycle rules](/object-storage/concepts/#lifecycle-configuration) in your compliant bucket. -## Compliant methods to delete objects +## How to encrypt objects -### SSE-C +Objects in a compliant bucket must be encrypted to make sure data is protected. To achieve this, you can either use Scaleway's SSE-C feature, or encrypt objects yourself before uploading them to your bucket. + +### Encryption with SSE-C + +Scaleway's SSE-C (**S**erver-**S**ide **E**ncryption with **C**ustomer-provided keys) mechanism garantees that objects uploaded to the bucket are properly encrypted. + +You can check that your objects are propery encrypted by performing a simple `HeadObject` operation on an encrypted object. Scaleway Object Storage will return a `400` error if SSE-C has been used to upload this object. + +Refer to the [dedicated documentation](/object-storage/api-cli/enable-sse-c/) for comprehensive information on how to encrypt objects using SSE-C. + +### Customer-side encryption + +Customer-side encryption ensures that sensitive data is protected before reaching Scaleway Object Storage, giving you control on the encryption mechanism, and keys managemnent. This method must be used in combination with [Scaleway's HDS-compliant deletion method](). + +## How to delete objects + +Objects must be deleted following in a compliant way to make sure data cannot be retrieved afterward. The deletion method varies according to the encryption method. + +### Deleting objects encrypted with SSE-C If you use Scaleway's SSE-C to encrypt your data, using [DeleteObject](/object-storage/api-cli/object-operations/#deleteobject) is sufficient to garantee that your object is deleted in compliance with the regulatory requirements. -### Customer-side encrpytion methods +### Deleting objects with customer-side encrpytion + +If you do not use Scaleway's SSE-C to encrypt your data, you must use Scaleway's HDS-compliant method to delete objects. You must enable bucket encryption beforehand, using the `PutBucketEncryption` operation. This mechanism is designed to handle compliant deletion of your data, and not its encryption. Make sure to use it in combination with a compliant encryption method, such as SSE-C or any other customer-side approach to upload your objects. @@ -65,11 +85,17 @@ This mechanism is designed to handle compliant deletion of your data, and not it Make sure that your bucket follows the requirements below: -- Your bucket must be created in the **France - Paris** (`fr-par`) region. -- Your bucket must not have active lifecycle rules -- Your objects within this bucket must not be stored using the **Glacier** storage class. -- You must use a valid encryption and deletion method (as explained above) -- You must follow the provided security best practices at all times +1. Make sure you [created your bucket](#how-to-create-a-compliant-bucket) in the **France - Paris** (`fr-par`) region. + +2. Make sure that there is no active lifecycle rules for your bucket. + +3. Make sure that your objects within this bucket are not stored using the **Glacier** storage class. + +4. Use a valid [encryption method](#how-to-encrypt-objects). + +4. Use a valid [deletion method](#how-to-delete-objects). + +6. Follow the provided security best practices at all times. ## Enforcing compliance using bucket policies From c87caa0602f9652aa7a67e9a4873b181a7e441f2 Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Fri, 29 Aug 2025 15:30:01 +0200 Subject: [PATCH 5/9] docs(obj): update --- .../how-to/create-compliant-bucket.mdx | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/pages/object-storage/how-to/create-compliant-bucket.mdx b/pages/object-storage/how-to/create-compliant-bucket.mdx index cdd62189fc..d450df92c9 100644 --- a/pages/object-storage/how-to/create-compliant-bucket.mdx +++ b/pages/object-storage/how-to/create-compliant-bucket.mdx @@ -81,6 +81,12 @@ If you do not use Scaleway's SSE-C to encrypt your data, you must use Scaleway's This mechanism is designed to handle compliant deletion of your data, and not its encryption. Make sure to use it in combination with a compliant encryption method, such as SSE-C or any other customer-side approach to upload your objects. +## Enforcing compliance using bucket policies + +To enforce compliance regarding the storage class and lifecycle rules, you can set up a bucket policy. **Bucket policies automatically deny any action that is not explicitly allowed in a statement**, allowing for fine-grained permissions management. + +Refer to the [dedicated documentation](/object-storage/api-cli/bucket-policy/) for more information on bucket policies. + ## Compliant bucket creation checklist Make sure that your bucket follows the requirements below: @@ -93,12 +99,10 @@ Make sure that your bucket follows the requirements below: 4. Use a valid [encryption method](#how-to-encrypt-objects). -4. Use a valid [deletion method](#how-to-delete-objects). +5. Use a valid [deletion method](#how-to-delete-objects). -6. Follow the provided security best practices at all times. - -## Enforcing compliance using bucket policies +7. Use [bucket policies](#enforcing-compliance-using-bucket-policies) to restrict permissions and prevent unwanted operations. -To enforce compliance regarding the storage class and lifecycle rules, you can set up a bucket policy. Bucket policies deny any action that is not explicitly allowed in a statement, allowing for fine-grained permissions management. +6. Follow the provided security best practices at all times. -Refer to the [dedicated documentation](/object-storage/api-cli/bucket-policy/) for more information on bucket policies. +Refer to the [Object Storage Shared Responsibility Model] for comprehensive information on the legal framework to host healthcare data. From d094b846d14866292f7b9b19ed75b4c58a8cb2f7 Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Fri, 29 Aug 2025 17:19:43 +0200 Subject: [PATCH 6/9] docs(obj): update --- pages/object-storage/how-to/create-compliant-bucket.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pages/object-storage/how-to/create-compliant-bucket.mdx b/pages/object-storage/how-to/create-compliant-bucket.mdx index d450df92c9..52cfcc53dd 100644 --- a/pages/object-storage/how-to/create-compliant-bucket.mdx +++ b/pages/object-storage/how-to/create-compliant-bucket.mdx @@ -101,8 +101,8 @@ Make sure that your bucket follows the requirements below: 5. Use a valid [deletion method](#how-to-delete-objects). -7. Use [bucket policies](#enforcing-compliance-using-bucket-policies) to restrict permissions and prevent unwanted operations. +6. Use [bucket policies](#enforcing-compliance-using-bucket-policies) to restrict permissions and prevent unwanted operations. -6. Follow the provided security best practices at all times. +7. Follow the provided security best practices at all times. Refer to the [Object Storage Shared Responsibility Model] for comprehensive information on the legal framework to host healthcare data. From d6cb1e59aeb380010936d9ff8b8c99fa93cef123 Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Mon, 1 Sep 2025 10:59:11 +0200 Subject: [PATCH 7/9] docs(obj): update --- menu/navigation.json | 4 ++-- ...liant-bucket.mdx => host-healthcare-data.mdx} | 16 ++++++++++++---- 2 files changed, 14 insertions(+), 6 deletions(-) rename pages/object-storage/how-to/{create-compliant-bucket.mdx => host-healthcare-data.mdx} (86%) diff --git a/menu/navigation.json b/menu/navigation.json index 296c0ff1c4..716401ddab 100644 --- a/menu/navigation.json +++ b/menu/navigation.json @@ -5235,8 +5235,8 @@ "slug": "manage-lifecycle-rules" }, { - "label":"Create a compliant bucket", - "slug":"create-compliant-bucket" + "label":"Host healthcare data (HDS)", + "slug":"host-healthcare-data" }, { "label": "View and abort incomplete multipart uploads", diff --git a/pages/object-storage/how-to/create-compliant-bucket.mdx b/pages/object-storage/how-to/host-healthcare-data.mdx similarity index 86% rename from pages/object-storage/how-to/create-compliant-bucket.mdx rename to pages/object-storage/how-to/host-healthcare-data.mdx index 52cfcc53dd..c762e9f5aa 100644 --- a/pages/object-storage/how-to/create-compliant-bucket.mdx +++ b/pages/object-storage/how-to/host-healthcare-data.mdx @@ -1,6 +1,6 @@ --- -title: How to create a compliant bucket -description: This page details the steps to follow to create a compliant bucket using Scaleway Object Storage +title: How to create a compliant bucket to host healthcare data +description: This page details the steps to follow to create a compliant bucket using Scaleway Object Storage to host healthcare data tags: dates: validation: 2025-08-27 @@ -8,10 +8,18 @@ dates: --- import Requirements from '@macros/iam/requirements.mdx' -It is crucial to follow the recommendations outlined in the [shared responsibility model](/object-storage/reference-content/) when hosting health data to ensure compliance with legal and regulatory requirements, such as data protection laws and industry standards. +When hosting healthcare data using Scaleway Object Storage, you must follow the recommendations outlined in the [shared responsibility model](/object-storage/reference-content/) to ensure compliance with legal and regulatory requirements, such as data protection laws, and industry standards. Adhering to these guidelines helps safeguard sensitive information against unauthorized access, breaches, and data loss, while also clarifying the roles and responsibilities between the cloud provider and the customer. +This documentation provides the following elements: + +- A procedure to create a compliant bucket +- Information on prohibited actions +- Compliant encryption methods +- Compliant deletion methods +- A checklist to ensure you are ready to safely store healthcare data + - A Scaleway account logged into the [console](https://console.scaleway.com) @@ -105,4 +113,4 @@ Make sure that your bucket follows the requirements below: 7. Follow the provided security best practices at all times. -Refer to the [Object Storage Shared Responsibility Model] for comprehensive information on the legal framework to host healthcare data. +Refer to the [Object Storage Shared Responsibility Model]() for comprehensive information on the legal framework to host healthcare data. From 5c03bb1f9ff58c3c149e97625a253937015332fe Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Mon, 1 Sep 2025 11:09:46 +0200 Subject: [PATCH 8/9] docs(obj): update --- pages/object-storage/how-to/host-healthcare-data.mdx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pages/object-storage/how-to/host-healthcare-data.mdx b/pages/object-storage/how-to/host-healthcare-data.mdx index c762e9f5aa..65b13767df 100644 --- a/pages/object-storage/how-to/host-healthcare-data.mdx +++ b/pages/object-storage/how-to/host-healthcare-data.mdx @@ -57,6 +57,10 @@ to host healthcare data, you must comply to the following requirements: - You must not use [lifecycle rules](/object-storage/concepts/#lifecycle-configuration) in your compliant bucket. + +Failure to comply with these requirements may lead to voiding compliance on the objects contained in the bucket. + + ## How to encrypt objects Objects in a compliant bucket must be encrypted to make sure data is protected. To achieve this, you can either use Scaleway's SSE-C feature, or encrypt objects yourself before uploading them to your bucket. @@ -71,7 +75,7 @@ Refer to the [dedicated documentation](/object-storage/api-cli/enable-sse-c/) fo ### Customer-side encryption -Customer-side encryption ensures that sensitive data is protected before reaching Scaleway Object Storage, giving you control on the encryption mechanism, and keys managemnent. This method must be used in combination with [Scaleway's HDS-compliant deletion method](). +Customer-side encryption ensures that sensitive data is protected before reaching Scaleway Object Storage, giving you control on the encryption mechanism, and keys managemnent. This method must be used in combination with [Scaleway's HDS-compliant deletion method](#deleting-objects-with-customer-side-encryption). ## How to delete objects From ef50b82d342b59b3cea45f33956ed5b4d911546f Mon Sep 17 00:00:00 2001 From: SamyOubouaziz Date: Mon, 1 Sep 2025 11:38:33 +0200 Subject: [PATCH 9/9] docs(obj): update --- pages/object-storage/how-to/host-healthcare-data.mdx | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pages/object-storage/how-to/host-healthcare-data.mdx b/pages/object-storage/how-to/host-healthcare-data.mdx index 65b13767df..5f90eb9b51 100644 --- a/pages/object-storage/how-to/host-healthcare-data.mdx +++ b/pages/object-storage/how-to/host-healthcare-data.mdx @@ -24,6 +24,7 @@ This documentation provides the following elements: - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization +- Signed an HDS contract with Scaleway for the garantees outlined in the [shared responsibility model]() to apply ## How to create a compliant bucket @@ -47,6 +48,8 @@ Even though you can use an existing bucket to host healthcare data, we strongly 9. Click **Create bucket** to confirm. +10. If you use a [customer-side encryption mechanism](#customer-side-encryption), enable bucket encryption using the [PutBucketEncryption]() action. + Your bucket is now ready to store healthcare data. Before uploading objects, refer to the sections below for information on how to encrypt and delete your objects in compliance with regulations. ## Prohibited actions on a compliant Bucket @@ -57,6 +60,8 @@ to host healthcare data, you must comply to the following requirements: - You must not use [lifecycle rules](/object-storage/concepts/#lifecycle-configuration) in your compliant bucket. +- If you use a [customer-side encryption mechanism](#customer-side-encryption), you must no delete the bucket encryption. + Failure to comply with these requirements may lead to voiding compliance on the objects contained in the bucket. @@ -79,7 +84,9 @@ Customer-side encryption ensures that sensitive data is protected before reachin ## How to delete objects -Objects must be deleted following in a compliant way to make sure data cannot be retrieved afterward. The deletion method varies according to the encryption method. +Objects must be deleted in a compliant way to make sure data can not be retrieved by any means immediately afterward. When using the HDS-compliant method (using the `PutBucketEncryption` action), Scaleway encrypts your uploaded objects with a dedicated key that will be instantly deleted upon receiving a deletion request for the targeted objects. + +This mechanism guarantees your objects can not be immediately retrieved, even if it takes additionnal time to process the delete of all the remaining chunks of your deleted objects. ### Deleting objects encrypted with SSE-C