Obtaining Bucket Encryption Configuration
Functions
OBS uses the GET method to obtain the encryption configuration of a specified bucket.
To perform this operation, you must have the GetEncryptionConfiguration permission. By default, only the bucket owner can delete the tags of a bucket. The bucket owner can allow other users to perform this operation by setting a bucket policy or granting them the permission.
For more information about permission control, see the permission control in the OBS Permission Configuration Guide.
Request Syntax
1 2 3 4 5 6 |
GET /?encryption HTTP/1.1 User-Agent: curl/7.29.0 Host: bucketname.obs.region.myhuaweicloud.eu Accept: */* Date: date Authorization: authorization string |
Request parameters
This request contains no message parameters.
Request Headers
This request uses common headers. For details, see Table 3.
Request Elements
This request involves no elements.
Response Syntax
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
HTTP/1.1 status_code x-obs-request-id: request id x-obs-id-2: id Content-Type: application/xml Content-Length: length Date: date <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.eu/doc/2015-06-30/"> <Rule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>kms</SSEAlgorithm> <KMSMasterKeyID>kmskeyid-value</KMSMasterKeyID> <ProjectID>projectid</ProjectID> </ApplyServerSideEncryptionByDefault> </Rule> </ServerSideEncryptionConfiguration> |
Response Headers
The response to the request uses common headers. For details, see Table 1.
Response Elements
This response contains the following elements to detail bucket encryption configuration:
|
Header |
Description |
|---|---|
|
ServerSideEncryptionConfiguration |
Root element of the default encryption configuration of a bucket. Type: container Parent: none Child: Rule |
|
Rule |
Sub-element of the default encryption configuration of a bucket. Type: container Parent: ServerSideEncryptionConfiguration Child: ApplyServerSideEncryptionByDefault |
|
ApplyServerSideEncryptionByDefault |
Sub-element of the default encryption configuration of a bucket. Type: container Parent: Rule Child: SSEAlgorithm and KMSMasterKeyID |
|
SSEAlgorithm |
The server-side encryption algorithm used for encryption configuration of a bucket. Type: string Value options: kms Parent: ApplyServerSideEncryptionByDefault |
|
KMSMasterKeyID |
ID of the customer master key (CMK) used for SSE-KMS. Type: string Parent: ApplyServerSideEncryptionByDefault |
|
ProjectID |
ID of the project where the KMS master key belongs when SSE-KMS is used. Type: string Parent: ApplyServerSideEncryptionByDefault
NOTE:
When a custom key in a non-default IAM project is used to encrypt objects, only the key owner can upload or download the encrypted objects. |
Error Responses
In addition to common error codes, this API also returns others. The following table lists common errors and possible causes. For details, see Table 2.
Sample Request
1 2 3 4 5 6 |
GET /?encryption HTTP/1.1 User-Agent: curl/7.29.0 Host: examplebucket.obs.region.myhuaweicloud.eu Accept: */* Date: Thu, 21 Feb 2019 03:05:34 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:DpSAlmLX/BTdjxU5HOEwflhM0WI= |
Sample Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
HTTP/1.1 200 OK Server: OBS x-obs-request-id: BF26000001643670AC06E7B9A7767921 x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSvK6z8HV6nrJh49gsB5vqzpgtohkiFm Date: Thu, 21 Feb 2019 03:05:34 GMT Content-Length: 788 <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.eu/doc/2015-06-30/"> <Rule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>kms</SSEAlgorithm> <KMSMasterKeyID>4f1cd4de-ab64-4807-920a-47fc42e7f0d0</KMSMasterKeyID> </ApplyServerSideEncryptionByDefault> </Rule> </ServerSideEncryptionConfiguration> |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
