Configuring Bucket Default Encryption
OBS allows you to configure default encryption for a bucket. After the default encryption is enabled for the bucket, objects uploaded to this bucket are automatically encrypted using the specified KMS key, making data storage more secure.
You can enable default encryption when creating a bucket (see Creating a Bucket), or enable or disable default encryption after the bucket is created.
OBS only encrypts the objects uploaded after the default encryption is enabled for the bucket, and does not encrypt those uploaded before. After you disable a bucket's default encryption, the encryption status of existing objects keeps unchanged, and you can separately encrypt objects when uploading them to the bucket.
Enabling Default Encryption for a Bucket
- In the navigation pane of OBS Console, choose Object Storage.
- In the bucket list, click the bucket you want to operate to go to the Objects page.
- In the navigation pane, choose Overview.
- In the Basic Configurations area, click Default Encryption. The Default Encryption dialog box is displayed.
- Select Enable.
Key obs/default is selected by default for KMS encryption. You can also click Create KMS Key to switch to the KMS management console and create a customer master key. Then go back to OBS Console and select the key from the drop-down list.
Figure 1 Enabling KMS-based encryption for a bucket
- Click OK.
Disabling Default Encryption for a Bucket
- In the navigation pane of OBS Console, choose Object Storage.
- In the bucket list, click the bucket you want to operate to go to the Objects page.
- In the navigation pane, choose Overview.
- In the Basic Configurations area, click Default Encryption. The Default Encryption dialog box is displayed.
- Select Disable.
- Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
