Help Center> Object Storage Service> SDK Reference> Python> Other APIs> Server-Side Encryption
View PDF

Server-Side Encryption

API Description

You can use this API for server-side encryption. OBS supports server-side encryption for objects.

For more information, see Server-Side Encryption.

Method Definition

ObsClient.putFile(bucketName, objectKey, file_path, metadata, headers)

Supported APIs

The following table lists APIs related to server-side encryption:

OBS Python SDK API Method

Description

Supported Encryption Type

ObsClient.putContent

Sets the encryption algorithm and key during object upload to enable server-side encryption.

SSE-KMS

SSE-C

ObsClient.putFile

Sets the encryption algorithm and key during file upload to enable server-side encryption.

SSE-KMS

SSE-C

ObsClient.getObject

Sets the decryption algorithm and key during object download to decrypt the object.

SSE-C

ObsClient.copyObject
  1. Sets the decryption algorithm and key for decrypting the source object during object copy.
  2. Sets the encryption algorithm and key during object copy to enable the encryption algorithm for the target object.

SSE-KMS

SSE-C

ObsClient.getObjectMetadata

Sets the decryption algorithm and key when obtaining the object metadata to decrypt the object.

SSE-C

ObsClient.initiateMultipartUpload

Sets the encryption algorithm and key when initializing a multipart upload task to enable server-side encryption for the final object generated.

SSE-KMS

SSE-C

ObsClient.uploadPart

Sets the encryption algorithm and key during multipart upload to enable server-side encryption for parts.

SSE-C

ObsClient.copyPart
  1. Sets the decryption algorithm and key for decrypting the source object during multipart copy.
  2. Sets the encryption algorithm and key during multipart copy to enable the encryption algorithm for the target part.

SSE-C

Returned Results

Type

Description

GetResult

SDK common result object

Sample Code

Encrypting an Object to Be Uploaded

# Import the module.
from obs import ObsClient
 
# Create an instance of ObsClient.
obsClient = ObsClient(
    access_key_id='*** Provide your Access Key ***',    
    secret_access_key='*** Provide your Secret Key ***',    
    server='https://your-endpoint'
)

from obs import PutObjectHeader
from obs import SseCHeader, SseKmsHeader
headers = PutObjectHeader()
# Set the SSE-C encryption algorithm.
headers.sseHeader = SseCHeader(encryption='AES256', key='your sse-c key generated by AES-256 algorithm')

resp = obsClient.putFile('bucketname', 'objectname', 'localfile', headers=headers)

if resp.status < 300:    
    print('requestId:', resp.requestId)
else:    
    print('errorCode:', resp.errorCode)    
    print('errorMessage:', resp.errorMessage)

headers = PutObjectHeader()
# Set the SSE-KMS encryption algorithm.
headers.sseHeader = SseKmsHeader.getInstance()
resp = obsClient.putFile('bucketname', 'objectname2', 'localfile2', headers=headers)

if resp.status < 300:    
    print('requestId:', resp.requestId)
else:    
    print('errorCode:', resp.errorCode)    
    print('errorMessage:', resp.errorMessage)

Decrypting a To-Be-Download Object

# Import the module.
from obs import ObsClient
 
# Create an instance of ObsClient.
obsClient = ObsClient(
    access_key_id='*** Provide your Access Key ***',    
    secret_access_key='*** Provide your Secret Key ***',    
    server='https://your-endpoint'
)

from obs import GetObjectHeader
from obs import SseCHeader
headers = GetObjectHeader()
# Set the SSE-C decryption algorithm. The key used here must be the one used for uploading the object.
headers.sseHeader = SseCHeader(encryption='AES256', key='your sse-c key generated by AES-256 algorithm')
resp = obsClient.getObject('bucketname', 'objectname', 'localfile', headers=headers)

if resp.status < 300:    
    print('requestId:', resp.requestId)
else:    
    print('errorCode:', resp.errorCode)    
    print('errorMessage:', resp.errorMessage)
Parent topic: Other APIs