Which Cloud Services Can Use KMS for Encryption?
Object Storage Service (OBS), Elastic Volume Service (EVS), Image Management Service (IMS), and Relational Database Service (RDS) can use KMS for encryption.
|
Service Name |
How to Use |
Reference |
|---|---|---|
|
Object Storage Service (OBS) |
You can upload objects to and download them from OBS in common mode or server-side encryption mode. When you upload objects in encryption mode, data is encrypted at the server side and then securely stored on OBS in ciphertext. When you download encrypted objects, the data in ciphertext is decrypted at the server side and then provided to you in plaintext. OBS supports the server-side encryption with KMS-managed keys (SSE-KMS). In this mode, OBS uses the keys provided by KMS for server-side encryption. |
|
|
Elastic Volume Service (EVS) |
If you enable the encryption function when creating an EVS disk, the disk will be encrypted with the DEK generated by using your CMK. Data stored in the EVS disk will be automatically encrypted. |
|
|
Image Management Service (IMS) |
When creating a private image using an external image file, you can enable the private image encryption function and select a CMK provided by KMS to encrypt the image. |
|
|
Scalable File Service (SFS) |
When creating a file system on SFS, the CMK provided by KMS can be selected to encrypt the file system, so that files stored in the file system are automatically encrypted. |
|
|
Relational Database Service (RDS) |
When purchasing a database instance, you can enable the disk encryption function of the database instance and select a CMK created on KMS to encrypt the disk of the database instance. Enabling the disk encryption function will enhance data security. |
|
|
Document Database Service (DDS) |
When purchasing a DDS instance, you can enable the disk encryption function of the instance and select a CMK created on KMS to encrypt the disk of the instance. Enabling the disk encryption function will enhance data security. |
|
|
Elastic Cloud Server (ECS) |
ECS uses image encryption or data disk encryption to encrypt ECS resources.
|
|
|
Scalable File Service Turbo (SFS Turbo) |
When creating an SFS Turbo file system, use the key provided by KMS to encrypt the file system for core data security. |
|
|
FunctionGraph |
To decrypt sensitive data, such as database passwords and API keys, during function runtime, you can use the KMS SDK to dynamically operate keys. You can host encryption and decryption keys in KMS and create an agency in IAM for FunctionGraph to access KMS. |
|
|
Cloud Operations Center (COC) |
COC uses KMS to encrypt your host accounts for better security. Before using KMS, create a key first. |
|
|
Cloud Data Migration (CDM) |
When migrating files to a file system, CDM can encrypt and decrypt the files using the keys provided by KMS. |
|
|
Data Security Center (DSC) |
You can use the encryption algorithms and encryption master keys to generate an encryption configuration for data masking. |
|
|
Workspace |
You can use the key provided by KMS to encrypt disks when purchasing a workspace. |
|
|
GeminiDB |
You can use the key provided by KMS to encrypt static data in the database when purchasing a GeminiDB instance. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
