Configuring Bucket Server-Side Encryption
You can configure server-side encryption for an OBS bucket. Once configured, any objects you upload to the bucket will be encrypted with the specified KMS key by default.
You can enable server-side encryption when creating a bucket (see Creating a Bucket). You can also enable or disable server-side encryption for an existing bucket.
OBS only encrypts the objects uploaded after server-side encryption is enabled for the bucket, and does not encrypt those uploaded before. After server-side encryption is disabled, encryption status of existing objects in the bucket remains unchanged, and you can still encrypt objects when you upload them.
Enabling Server-Side Encryption for a Bucket
- In the navigation pane of OBS Console, choose Object Storage.
- In the bucket list, click the bucket you want to operate to go to the Objects page.
- In the navigation pane, choose Overview.
- In the Basic Configurations area, click Server-Side Encryption. The Server-Side Encryption dialog box is displayed.
- Select Enable.
Key obs/default is selected by default for KMS encryption. You can also click Create KMS Key to switch to the KMS management console and create a customer master key. Then go back to OBS Console and select the key from the drop-down list.
Figure 1 Enabling KMS-based encryption for a bucket
- Click OK.
Disabling Server-Side Encryption for a Bucket
- In the navigation pane of OBS Console, choose Object Storage.
- In the bucket list, click the bucket you want to operate to go to the Objects page.
- In the navigation pane, choose Overview.
- In the Basic Configurations area, click Server-Side Encryption. The Server-Side Encryption dialog box is displayed.
- Select Disable.
- Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
