Uploading a File with Server-Side Encryption

OBS allows users to encrypt objects using server-side encryption so that the objects can be securely stored in OBS.

Limitations and Constraints

  • The object encryption status cannot be changed.
  • A key that is in use cannot be deleted; otherwise, objects encrypted with this key cannot be downloaded.
  • Objects encrypted on the server side cannot be shared.
  • If a server-side encrypted object does not have any IAM agency, other accounts and users cannot access the object even if they have read permission for it.

Prerequisites

In the region where OBS is deployed, the KMS Administrator permission has been added to the user group. For details about how to add the permission, see Assigning Permissions to an IAM User. If the current account or user is the grantee, it also requires the KMS Administrator permission.

For details about DEW pricing, see the Product Pricing Details.

Procedure

  1. In the navigation pane on the left of OBS Console, choose Object Storage.
  2. In the bucket list, click a bucket name. The Overview page of the bucket is displayed.
  3. In the navigation pane on the left, click Objects.
  4. Click Upload Object. The Upload Object dialog box is displayed.
  5. Add the files to be uploaded.
  6. Select KMS encryption and select a key that you have created on DEW.

    If default encryption is enabled for a bucket, uploaded objects are automatically encrypted.

    After KMS encryption is selected, obs/default is selected by default as the encryption key. You can also click Create KMS Key to switch to the KMS management console and create customer master keys. Then return to OBS Console and select the key from the KMS encryption drop-down list.

    For details about how to create a customer master key, see Creating a Key.

    Figure 1 Encrypting an object to be uploaded

  7. Click Upload.

    After the object is uploaded successfully, you can view its encryption status in the object list.
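The check in step 7 can also be done in bulk from object response headers. The following is an added example, not part of the original documentation: it assumes the SSE-KMS header names of the OBS REST API (`x-obs-server-side-encryption` and `x-obs-server-side-encryption-kms-key-id`), and the object names and key IDs are constructed sample data.

```python
# Added example. Header names are assumed from the OBS REST API, not from this page.
SSE_HEADER = "x-obs-server-side-encryption"
KEY_HEADER = "x-obs-server-side-encryption-kms-key-id"

def sse_kms_request_headers(key_id=None):
    """Headers to send with an upload to request SSE-KMS (no key_id: OBS picks the key)."""
    headers = {SSE_HEADER: "kms"}
    if key_id:
        headers[KEY_HEADER] = key_id
    return headers

def audit_object(response_headers, expected_key_id=None):
    """Return 'unencrypted', 'unexpected-mode', 'key-not-reported', 'wrong-key' or 'ok'."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    mode = h.get(SSE_HEADER)
    if mode is None:
        return "unencrypted"
    if mode.lower() != "kms":
        return "unexpected-mode"
    if expected_key_id is None:
        return "ok"
    key = h.get(KEY_HEADER)
    if not key:
        return "key-not-reported"
    # Assumption: the key may be reported as a bare ID or as "...:key/<id>".
    if key.rsplit("/", 1)[-1] != expected_key_id:
        return "wrong-key"
    return "ok"

def audit_all(objects, expected_key_id=None):
    """Map each object name to its audit result."""
    return {name: audit_object(h, expected_key_id) for name, h in objects.items()}

# Constructed sample data: object name -> headers returned for that object.
KEY = "11111111-2222-3333-4444-555555555555"
OTHER_KEY = "99999999-8888-7777-6666-555555555555"
SAMPLE = {
    "reports/q1.csv": {"X-Obs-Server-Side-Encryption": "kms",
                       "X-Obs-Server-Side-Encryption-Kms-Key-Id":
                           "region-x:0123abcd:key/" + KEY},
    "reports/q2.csv": {"Content-Length": "1024"},
    "reports/q3.csv": {SSE_HEADER: "kms", KEY_HEADER: OTHER_KEY},
}

if __name__ == "__main__":
    for name, result in audit_all(SAMPLE, KEY).items():
        print(f"{name}: {result}")
```
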