Server-Side Encryption
API Description
You can use this API for server-side encryption. OBS supports server-side encryption for objects.
For more information, see Server-Side Encryption.
Method Definition
ObsClient.putFile(bucketName, objectKey, file_path, metadata, headers)
Supported APIs
The following table lists APIs related to server-side encryption:
|
OBS Python SDK API Method |
Description |
Supported Encryption Type |
|---|---|---|
|
ObsClient.putContent |
Sets the encryption algorithm and key during object upload to enable server-side encryption. |
SSE-KMS SSE-C |
|
ObsClient.putFile |
Sets the encryption algorithm and key during file upload to enable server-side encryption. |
SSE-KMS SSE-C |
|
ObsClient.getObject |
Sets the decryption algorithm and key during object download to decrypt the object. |
SSE-C |
|
ObsClient.copyObject |
|
SSE-KMS SSE-C |
|
ObsClient.getObjectMetadata |
Sets the decryption algorithm and key when obtaining the object metadata to decrypt the object. |
SSE-C |
|
ObsClient.initiateMultipartUpload |
Sets the encryption algorithm and key when initializing a multipart upload task to enable server-side encryption for the final object generated. |
SSE-KMS SSE-C |
|
ObsClient.uploadPart |
Sets the encryption algorithm and key during multipart upload to enable server-side encryption for parts. |
SSE-C |
|
ObsClient.copyPart |
|
SSE-C |
Returned Results
|
Type |
Description |
|---|---|
|
SDK common result object |
Sample Code
Encrypting an Object to Be Uploaded
# Import the module.
from obs import ObsClient
# Create an instance of ObsClient.
obsClient = ObsClient(
access_key_id='*** Provide your Access Key ***',
secret_access_key='*** Provide your Secret Key ***',
server='https://your-endpoint'
)
from obs import PutObjectHeader
from obs import SseCHeader, SseKmsHeader
headers = PutObjectHeader()
# Set the SSE-C encryption algorithm.
headers.sseHeader = SseCHeader(encryption='AES256', key='your sse-c key generated by AES-256 algorithm')
resp = obsClient.putFile('bucketname', 'objectname', 'localfile', headers=headers)
if resp.status < 300:
print('requestId:', resp.requestId)
else:
print('errorCode:', resp.errorCode)
print('errorMessage:', resp.errorMessage)
headers = PutObjectHeader()
# Set the SSE-KMS encryption algorithm.
headers.sseHeader = SseKmsHeader.getInstance()
resp = obsClient.putFile('bucketname', 'objectname2', 'localfile2', headers=headers)
if resp.status < 300:
print('requestId:', resp.requestId)
else:
print('errorCode:', resp.errorCode)
print('errorMessage:', resp.errorMessage)
Decrypting a To-Be-Download Object
# Import the module.
from obs import ObsClient
# Create an instance of ObsClient.
obsClient = ObsClient(
access_key_id='*** Provide your Access Key ***',
secret_access_key='*** Provide your Secret Key ***',
server='https://your-endpoint'
)
from obs import GetObjectHeader
from obs import SseCHeader
headers = GetObjectHeader()
# Set the SSE-C decryption algorithm. The key used here must be the one used for uploading the object.
headers.sseHeader = SseCHeader(encryption='AES256', key='your sse-c key generated by AES-256 algorithm')
resp = obsClient.getObject('bucketname', 'objectname', 'localfile', headers=headers)
if resp.status < 300:
print('requestId:', resp.requestId)
else:
print('errorCode:', resp.errorCode)
print('errorMessage:', resp.errorMessage)
Last Article: Generating Browser-Based Upload Parameters with Authentication Information
Next Article: Static Website Hosting
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.