Previously available in beta, client-side encryption (CSE) customers can now conduct bulk migrations of sensitive files from both cloud and on-premises data sources. This process ensures confidential content is wrapped with customer-managed keys before it’s imported into Google Workspace. Using this tooling, CSE customers can decommission their legacy third-party storage while ensuring the CSE model is in place throughout the document lifecycle. The API is highly configurable, we share a generalized sample code to make deployment simple, but customers can further customize it depending on their needs.
Getting started
- Admins: This feature will be ON by default for customers. Admins or authorized users will need to call the Drive API to leverage the feature. Visit the Help Center to learn more.
- End users: There is no end-user setting in Drive for this feature.
Rollout pace
- Rapid Release and Scheduled Release domains: Available now
Availability
- Enterprise: Enterprise Plus
- Education: Education Standard and Plus
- Other Editions: Frontline Plus
Resources
- Google Workspace: Google Drive API overview
- Google Workspace: Manage client-side encrypted files with the Drive API
- Google Workspace: Best practices for bulk importing client-side encrypted files
- Code sample: GitHub, PyPI
- Keyword: Import sensitive external files to Google Drive with client-side encryption using the Drive API, launching in beta
- Knowledge: About client-side encryption