AODocs is fully compatible with customer-managed encryption keys (CMEK) on Google Cloud Storage.
CMEK provides more control on encryption at rest of the content of your AODocs attachments than the default Google-managed encryption. With CMEK, the encryption keys are kept in the cloud, but managed (created, assigned to buckets, revoked, replaced and renewed) by your organization.
Learn more from the Google Help Center: Customer-managed encryption keys.
In AODocs, buckets encrypted with CMEK behave exactly like non-encrypted buckets. You can use all the AODocs features available in libraries using Google Cloud Storage (GCS) in exactly the same way.
Note: AODocs does not support customer-supplied encryption keys (CSEK).
You can activate CMEK encryption on customer-managed Google Cloud Storage (GCS) buckets.
Learn more: Set up Google Cloud Storage for AODocs.
Important: CMEK cannot currently be activated on AODocs managed buckets or or other storage options such as Google Drive or Microsoft Azure Blob storage.
To enable CMEK, follow Google’s documentation: Use customer-managed encryption keys, up to and including the section "Use default encryption keys".