Server-Side Encryption
API Description
You can use this API for server-side encryption. OBS supports server-side encryption for objects.
For more information, see Server-Side Encryption.
Method Definition
func (obsClient ObsClient) PutFile(input *PutFileInput) (output *PutObjectOutput, err error)
Supported APIs
The following table lists APIs related to server-side encryption:
| Method in OBS Go SDK | Description | Supported Encryption Type |
|---|---|---|
| ObsClient.PutObject | Sets the encryption algorithm and key during object upload to enable server-side encryption. | SSE-KMS SSE-C |
| ObsClient.PutFile | Sets the encryption algorithm and key during file upload to enable server-side encryption. | SSE-KMS SSE-C |
| ObsClient.GetObject | Sets the decryption algorithm and key during object download to decrypt the object. | SSE-C |
| ObsClient.CopyObject |
| SSE-KMS SSE-C |
| ObsClient.GetObjectMetadata | Sets the decryption algorithm and key when obtaining the object metadata to decrypt the object. | SSE-C |
| ObsClient.InitiateMultipartUpload | Sets the encryption algorithm and key when initializing a multipart upload task to enable server-side encryption for the final object generated. | SSE-KMS SSE-C |
| ObsClient.UploadPart | Sets the encryption algorithm and key during multipart upload to enable server-side encryption for parts. | SSE-C |
| ObsClient.CopyPart |
| SSE-C |
Sample Code
Encrypting an Object to Be Uploaded
// Import the dependency package. import ( "fmt" "obs" ) var ak = "*** Provide your Access Key ***" var sk = "*** Provide your Secret Key ***" var endpoint = "https://your-endpoint" // Create an ObsClient struct. var obsClient, _ = obs.New(ak, sk, endpoint) func main() { input := &obs.PutFileInput{} input.Bucket = "bucketname" input.Key = "objectname" input.SourceFile = "localfile" // Set the SSE-C encryption algorithm. input.SseHeader = obs.SseCHeader{Encryption: "AES256", Key: "your base64-encoded sse-c key generated by AES-256 algorithm"} output, err := obsClient.PutFile(input) if err == nil { fmt.Printf("RequestId:%s\n", output.RequestId) } else if obsError, ok := err.(obs.ObsError); ok { fmt.Printf("Code:%s\n", obsError.Code) fmt.Printf("Message:%s\n", obsError.Message) } input.Bucket = "bucketname" input.Key = "objectname2" input.SourceFile = "localfile2" // Set the SSE-KMS encryption algorithm. input.SseHeader = obs.SseKmsHeader{Encryption: "kms"} output, err = obsClient.PutFile(input) if err == nil { fmt.Printf("RequestId:%s\n", output.RequestId) } else if obsError, ok := err.(obs.ObsError); ok { fmt.Printf("Code:%s\n", obsError.Code) fmt.Printf("Message:%s\n", obsError.Message) } }
Decrypting a To-Be-Download Object
// Import the dependency package. import ( "fmt" "obs" ) var ak = "*** Provide your Access Key ***" var sk = "*** Provide your Secret Key ***" var endpoint = "https://your-endpoint" // Create an ObsClient struct. var obsClient, _ = obs.New(ak, sk, endpoint) func main() { input := &obs.GetObjectInput{} input.Bucket = "bucketname" input.Key = "objectname" //Set the SSE-C decryption algorithm. The key used here must be the one used for uploading the object. input.SseHeader = obs.SseCHeader{Encryption: "AES256", Key: "your base64-encoded sse-c key generated by AES-256 algorithm"} output, err := obsClient.GetObject(input) if err == nil { defer output.Body.Close() fmt.Printf("ETag:%s\n", output.ETag) } else if obsError, ok := err.(obs.ObsError); ok { fmt.Printf("Code:%s\n", obsError.Code) fmt.Printf("Message:%s\n", obsError.Message) } }
Last Article: Creating a Signed URL
Next Article: Static Website Hosting
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.