
Performing OBS Server-Side Encryption with KMS Managed Keys

  • Data Encryption Workshop (DEW) is a full-stack data encryption service in the cloud. The Key Management Service (KMS) provided by DEW is a secure, reliable, and easy-to-use cloud service that helps you manage and protect keys centrally.

  • With KMS, you can create keys and use them to encrypt files that you upload to OBS.

Step 1 Prepare the environment.

1. Log in to the console of HUAWEI CLOUD. Click Service List on the top navigation bar, and choose Storage > Object Storage Service.
2. Click Create Bucket to create a bucket for storing uploaded files.

Figures: (1) Selecting Object Storage Service (OBS); (2) Creating a bucket on OBS.

Step 2 Create a key.

1. On the homepage of the management console, choose Security > Data Encryption Service. The KMS page is displayed.
2. On the Key Management Service page, click Create Key in the upper right corner.
3. In the Create Key dialog box, enter an alias and description for the key, and click OK.

Note

You can also import your local keys to the KMS console and have them managed by KMS. For details about how to import a key, click here.

Figures: (1) Creating a key; (2) Entering an alias and description.

Step 3 Upload a file to an OBS bucket.

1. On the console page of HUAWEI CLOUD, click Service List on the top navigation bar, and choose Storage > Object Storage Service. Click the target bucket to go to the Summary page of the bucket.
2. In the navigation pane on the left, click Objects. The object list is displayed. Then click Upload Object on top of the object list.
3. Select the file that you want to upload. Select the check box in front of KMS encryption, and click Upload.

Note

1. To perform OBS server-side encryption, you can use the Default Master Keys generated by KMS or the Customer Master Keys (CMKs) created by yourself.
2. To understand differences between a Default Master Key and a CMK, click here.

Figures: (1) The Summary page of a bucket; (2) Selecting the object to be uploaded; (3) Confirming KMS encryption.
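
Added example (not from the original page or from HUAWEI CLOUD): after uploading, you can confirm that each object was actually stored with KMS encryption, and under the key you intended rather than another one, by checking the encryption headers returned for the object. The header names and the key ID format are assumptions based on the OBS REST API; the object names, key IDs and responses are constructed sample data.

```python
# Added example. Header names are assumed from the OBS REST API; all object
# names, key IDs and responses below are constructed sample data.
SSE_HEADER = "x-obs-server-side-encryption"
KEY_ID_HEADER = "x-obs-server-side-encryption-kms-key-id"

EXPECTED_CMK = "11111111-2222-3333-4444-555555555555"  # constructed key ID
SAMPLE_RESPONSES = {  # constructed HEAD Object response headers
    "reports/q1.csv": {
        SSE_HEADER: "kms",
        KEY_ID_HEADER: "region-x:0123abcd:key/" + EXPECTED_CMK,
    },
    "reports/q2.csv": {
        "X-Obs-Server-Side-Encryption": "kms",
        "X-Obs-Server-Side-Encryption-Kms-Key-Id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    },
    "legacy/a.bin": {SSE_HEADER: "kms"},
    "tmp/debug.log": {"Content-Type": "text/plain"},
}


def key_id_only(value):
    """Reduce 'regionID:domainID:key/key_id' (assumed format) or a bare ID to the ID."""
    return value.strip().rsplit("/", 1)[-1].lower()


def classify(headers, expected_key_id):
    """Classify one object by the encryption headers in its response."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if h.get(SSE_HEADER, "").strip().lower() != "kms":
        return "NOT_KMS_ENCRYPTED"
    key = h.get(KEY_ID_HEADER, "").strip()
    if not key:
        return "KMS_KEY_NOT_REPORTED"
    if key_id_only(key) == key_id_only(expected_key_id):
        return "KMS_EXPECTED_KEY"
    return "KMS_OTHER_KEY"


def audit(responses, expected_key_id):
    """Return {object name: status} for objects not encrypted under the expected key."""
    statuses = {n: classify(h, expected_key_id) for n, h in responses.items()}
    return {n: s for n, s in statuses.items() if s != "KMS_EXPECTED_KEY"}


if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE_RESPONSES, EXPECTED_CMK).items()):
        print(f"{status:22} {name}")
```

In practice, feed `audit` the response headers collected for each object in the bucket and treat every entry it returns as an object to re-upload or investigate.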

Step 4 Manage the key lifecycle.

1. You can easily enable, disable, delete, and cancel the deletion of one or more keys.
2. You can add tags to keys by department or user role. For example: Department: O&M.
3. You can also enable the key rotation function for CMKs. KMS automatically generates new versions for the CMKs.
4. You can also create grants for other users and grant them the permission to use your CMKs.

Note

Only the professional edition supports the key rotation and grant creation functions.

Figures: (1) Full lifecycle management; (2) Adding tags; (3) Key rotation; (4) Creating a grant.