Help Center/
Data Encryption Workshop/
User Guide (ME-Abu Dhabi Region)/
Key Management/
Creating a Key
Updated on 2025-12-02 GMT+08:00
Creating a Key
Scenario
CMKs can be used for:
- Server-side encryption on OBS
- Encryption of data on EVS disks
- Encryption of private images on IMS
- File system encryption on SFS
- Disk encryption for database instances in RDS
- DEK encryption and decryption for user applications
Constraints
- Aliases of default keys end with /default. When configuring aliases for your custom keys, the value cannot end with /default.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Choose . The key management page is displayed.
- Click Create Key in the upper right corner. In the displayed dialog box, enter the alias, names, enterprise project, tags, and description of the key.
Figure 1 Create Key dialog box
- Alias: Alias of the key to be created
- Enterprise Project:
If you are an enterprise user and have created an enterprise project, select the required enterprise project from the drop-down list. The default project is default.
If there are no Enterprise Management options displayed, you do not need to configure it.
- (Optional) Description is the description of the custom key.
- (Optional) Tags: Add tags to the custom key as needed, and enter the tag key and tag value.
- If a custom key has been created without any tag, you can add a tag to the custom key later as necessary. Click the alias of the custom key. The page with key details is displayed. Then you can add tags to the custom key.
- The same tag (including tag key and tag value) can be used for different custom keys. However, under the same custom key, one tag key can have only one tag value.
- A maximum of 20 tags can be added for one custom key.
- If you want to delete a tag to be added when adding multiple tags, you can click Delete in the row where the tag to be added is located to delete the tag.
- Click OK.
In the custom key list, you can view created custom keys. The default status of a custom key is Enabled.
Related Operations
- For details about how to upload objects with server-side encryption, see section Uploading a File with Server-Side Encryption in the Object Storage Service User Guide.
- For details about how to encrypt data on EVS disks, see section Creating an EVS Disk in the Elastic Volume Service User Guide.
- For details about how to encrypt private images, see section Encrypting an Image in the Image Management Service User Guide.
- For details about how to encrypt the file system on SFS, see section Creating a File System in the Scalable File Service User Guide.
- For details about how to encrypt disks for a database instance in RDS, see section Creating an RDS MySQL DB Instance in the Relational Database Service User Guide.
- For details about how to create a DEK and a plaintext-free DEK, see sections "Creating a DEK" and "Creating a Plaintext-Free DEK" in Data Encryption Workshop (DEW) API Reference.
- For details about how to encrypt and decrypt a DEK for a user application, see sections "Encrypting a DEK" and "Decrypting a DEK" in Data Encryption Workshop (DEW) API Reference.
Parent topic: Key Management
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
