Performing OBS Server-Side Encryption with KMS Managed Keys
Data Encryption Workshop (DEW) is a full-stack data encryption service in the cloud. The Key Management Service (KMS) provided by DEW is a secure, reliable, and easy-to-use cloud service that helps you manage and protect keys in a centralized manner.
With KMS, you can create keys and use them to encrypt files that you upload to OBS.
Step 1: Set up the environment.
1. Log in to the management console. Click Service List on the top navigation bar, and choose Storage > Object Storage Service.
2. Click Create Bucket to create a bucket for storing uploaded files.
Figures: 1. Selecting Object Storage Service (OBS); 2. Creating a bucket on OBS
Step 2: Create a key.
1. On the homepage of the management console, choose Security & Compliance > Data Encryption Service. The KMS page is displayed.
2. Above the list of keys, click Create Key in the upper right corner.
3. In the Create Key dialog box, enter an alias and description for the key, and click OK.
Note
You can also import your keys to KMS for centralized management. Click here to learn how.
Figures: 1. Selecting Data Encryption Workshop (DEW); 2. Creating a key; 3. Entering an alias and description
Step 3: Upload a file to an OBS bucket.
1. On the console page of HUAWEI CLOUD, click Service List on the top navigation bar, and choose Storage > Object Storage Service. Click the target bucket to go to the Summary page of the bucket.
2. In the navigation pane on the left, click Objects. The object list is displayed. Then click Upload File on top of the object list.
3. Select the file that you want to upload. Choose SSE-KMS for encryption, specify an encryption key type, and click Upload.
Note
1. To perform OBS server-side encryption, you can use the default keys generated by KMS or the custom keys created by yourself.
2. To understand differences between a default key and a custom key, click here.
Figures: 1. Bucket details; 2. Selecting a file to be uploaded; 3. Configuring KMS encryption
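To confirm that files uploaded in Step 3 are actually encrypted with the intended key, the following added example (not part of the original page or of any HUAWEI CLOUD tool) audits object response headers and reports objects that are not SSE-KMS encrypted or that use a different key. It assumes the OBS REST API response headers x-obs-server-side-encryption and x-obs-server-side-encryption-kms-key-id; the object names, key IDs, and header values are constructed placeholders.

```python
# Added example: audit OBS object metadata for SSE-KMS with the intended key.
# Header names are assumed from the OBS REST API; all sample values are constructed.

SSE_HEADER = "x-obs-server-side-encryption"
KEY_HEADER = "x-obs-server-side-encryption-kms-key-id"


def classify(headers, expected_key_id):
    """Return the encryption state of one object from its response headers."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if h.get(SSE_HEADER, "").lower() != "kms":
        return "not-sse-kms"
    key = h.get(KEY_HEADER, "")
    if not key:
        return "sse-kms-key-unknown"
    # The key may be reported as a bare ID or as a longer path ending in
    # "key/<id>"; compare only the final path segment.
    key_id = key.rsplit("/", 1)[-1]
    return "sse-kms-expected-key" if key_id == expected_key_id else "sse-kms-other-key"


def audit(objects, expected_key_id):
    """Map object name -> state for every object not using the expected key."""
    findings = {}
    for name, headers in objects.items():
        state = classify(headers, expected_key_id)
        if state != "sse-kms-expected-key":
            findings[name] = state
    return findings


# Constructed sample: headers as a HEAD request on each object might return.
EXPECTED = "00000000-aaaa-bbbb-cccc-111111111111"  # placeholder key ID
SAMPLE = {
    "reports/q1.csv": {SSE_HEADER: "kms", KEY_HEADER: EXPECTED},
    "reports/q2.csv": {"X-Obs-Server-Side-Encryption": "kms",
                       KEY_HEADER: "region:domain:key/" + EXPECTED},
    "reports/q3.csv": {SSE_HEADER: "kms",
                       KEY_HEADER: "99999999-aaaa-bbbb-cccc-222222222222"},
    "tmp/scratch.bin": {"Content-Type": "application/octet-stream"},
}

if __name__ == "__main__":
    for name, state in sorted(audit(SAMPLE, EXPECTED).items()):
        print(f"{name}: {state}")
```

Objects reported as sse-kms-other-key are encrypted, but not with the custom key you selected, which matters if access control or rotation is managed per key.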
Step 4: Manage the key lifecycle.
1. You can easily enable, disable, delete, and cancel the deletion of one or more keys.
2. You can add tags to keys by department or user role. Example: Department: O&M
3. You can enable rotation for a custom key. KMS will automatically generate a new version of the key.
4. You can authorize other users to use your customer master keys (CMKs).
Figures: 1. Lifecycle management; 2. Adding a tag; 3. Rotating a key; 4. Creating a grant