Configuring Bucket Default Encryption

OBS enables you to configure default encryption for a bucket. After the configuration, objects uploaded to the bucket are automatically encrypted using the specified KMS key, improving data storage security.

You can enable default encryption when creating a bucket. For details, see Creating a Bucket. You can also enable or disable default encryption for an existing bucket.

OBS encrypts only the objects uploaded after the default encryption function is enabled. The encryption status of existing objects in the bucket remains unchanged. Disabling default encryption does not change the encryption status of existing objects in a bucket. After this function is disabled, you can still manually encrypt objects upon upload.
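Because existing objects keep their previous encryption status, enabling default encryption does not by itself show that every object in the bucket is encrypted with the intended key. The following is an added example, not part of the original OBS documentation: it classifies objects from the response headers of a HEAD request on each object. The header names, the key ID formats and the sample inventory are assumptions constructed for illustration.

```python
# Added example: audit object encryption status after enabling default encryption.
# Assumption: HEAD Object responses carry these headers for SSE-KMS objects.
SSE_HDR = "x-obs-server-side-encryption"
KEY_HDR = "x-obs-server-side-encryption-kms-key-id"


def key_matches(header_value, expected_key_id):
    """Assumed formats: a bare key ID, or a longer form ending in '/<key_id>'."""
    tail = header_value.strip().rsplit("/", 1)[-1]
    return tail.lower() == expected_key_id.lower()


def classify(headers, expected_key_id):
    """Classify one object from its HEAD response headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    mode = h.get(SSE_HDR, "").strip().lower()
    if not mode:
        return "unencrypted"        # e.g. uploaded before default encryption was enabled
    if mode != "kms":
        return "other-sse"          # encrypted, but not with a KMS key
    key = h.get(KEY_HDR)
    if key is None:
        return "kms-key-unknown"    # KMS mode reported, key cannot be confirmed
    return "kms-expected-key" if key_matches(key, expected_key_id) else "kms-other-key"


def audit(inventory, expected_key_id):
    """Group object names by encryption status."""
    report = {}
    for object_key, headers in inventory.items():
        report.setdefault(classify(headers, expected_key_id), []).append(object_key)
    return report


# Constructed sample data: placeholder key ID and made-up object names.
EXPECTED = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "logs/2023-old.gz": {"Content-Length": "812"},
    "logs/2024-new.gz": {"X-Obs-Server-Side-Encryption": "kms",
                         "X-Obs-Server-Side-Encryption-Kms-Key-Id": "region-x:domain-x:key/" + EXPECTED},
    "reports/q1.pdf": {SSE_HDR: "kms", KEY_HDR: "99999999-0000-0000-0000-000000000000"},
    "reports/q2.pdf": {SSE_HDR: "kms"},
}

if __name__ == "__main__":
    for status, names in sorted(audit(SAMPLE, EXPECTED).items()):
        print(f"{status}: {', '.join(names)}")
```

Objects reported as unencrypted are the ones that would need to be uploaded again for the bucket's default encryption to apply to them.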

Enabling Default Encryption for a Bucket

  1. In the navigation pane on the left of OBS Console, choose Object Storage.
  2. In the bucket list, click the name of the bucket. The Overview page of the bucket is displayed.
  3. In the Basic Configurations area, click Default Encryption. The Default Encryption dialog box is displayed.
  4. Select Enable.

    The key obs/default is selected by default for KMS encryption. You can also click Create KMS Key to switch to the KMS management console and create a customer master key, then return to OBS Console and select that key from the drop-down list for KMS encryption.

    Figure 1 Enabling KMS encryption for a bucket

  5. Click OK.

Disabling Default Encryption for a Bucket

  1. In the navigation pane on the left of OBS Console, choose Object Storage.
  2. In the bucket list, click the name of the bucket. The Overview page of the bucket is displayed.
  3. In the Basic Configurations area, click Default Encryption. The Default Encryption dialog box is displayed.
  4. Select Disable.
  5. Click OK.