In one embodiment, in response to a request received from a client for retrieving a data object stored in a storage system, a root key is obtained from the request. The data object is represented by metadata in a hierarchical structure having a plurality of levels. Each level includes a plurality of nodes and each node being one of a root node, a leaf node and an intermediate node. The hierarchical structure of metadata associated with the data object is traversed in a top-down approach to decrypt each of a plurality of nodes in the hierarchical structure using a key provided from its parent node, starting from the root node to the leaf nodes, including decrypting the root node using the root key. Decrypted data associated with the plurality of nodes is transmitted to the client.