Performing OBS Server-Side Encryption with KMS Managed Keys

1. Log in to the management console. Click Service List on the top navigation bar, and choose Storage > Object Storage Service.
2. Click Create Bucket to create a bucket for storing uploaded files.

1. On the homepage of the management console, choose Security & Compliance > Data Encryption Service. The KMS page is displayed.
2. Above the list of keys, click Create Key in the upper right corner.
3. In the Create Key dialog box, enter an alias and description for the key, and click OK. 

You can also import your keys to KMS for centralized management. Click here to learn how.

1. On the console page of HUAWEI CLOUD, click Service List on the top navigation bar, and choose Storage > Object Storage Service . Click the target bucket to go to the Summary page of the bucket. 
2. In the navigation pane on the left, click Objects . The object list is displayed. Then click Upload File on top of the object list. 
3. Select the file that you want to upload. Choose SSE-KMS for encryption, specify an encryption key type, and click Upload.

1. To perform OBS server-side encryption, you can use the default keys generated by KMS or the custom keys created by yourself. 
2. To understand differences between a default Key and a custom key, click here.

1. You can easily enable, disable, delete, and cancel the deletion of one or more keys. 
2. You can add tags to keys by department or user role. Example: Department: O&M

3. You can enable rotation for a custom key. KMS will automatically generate a new version of the key.
4. You can authorize other users to use your customer master keys (CMKs).