How Do I Access or Download an Encrypted Object?
Encrypting an Object
Method 1: Enable default encryption when you create a bucket. Then, all types of objects uploaded to the bucket will be automatically encrypted with the specified encryption method and key during bucket creation.
Method 2: Specify an encryption method and key type when you upload an object.
Accessing or Downloading an Encrypted Object
When an object is encrypted with SSE-OBS, configure a public read policy (which grants anonymous users access to an object) for the object and then you can directly access this object.
When an object is encrypted with SSE-C, it cannot be accessed directly, even if it has a public read policy (which grants anonymous users access to an object) configured. Whereas, you can call an API to access or download the object. For details, see Downloading Objects.
When an object is encrypted with SSE-KMS, it cannot be accessed directly, even if it has a public read policy (which grants anonymous users access to an object) configured. To access or download an encrypted object, use either of the following methods:
Method 1: Access the encrypted object as a user with the KMS CMKFullAccess permission. The region where your KMS CMKFullAccess permission applies must be the one where the bucket storing the object is located. For details about how to grant users the KMS CMKFullAccess permission, see Assigning Permissions to an IAM User.
Method 2: Use the temporary URL generated by sharing the encrypted object. When you use the shared URL for access, the server automatically decrypts the object.
For example, if you want your encrypted object (such as a video or audio file) to be accessed by anonymous users, you can share your object and send the generated URL to others. For details about object sharing, see Sharing a File.
Server-Side Encryption FAQs
- Does OBS Support Encrypted Upload?
- How Do I Access or Download an Encrypted Object?
- Why Cannot an Authorized Account or User Upload or Download KMS Encrypted Objects?
- What Encryption Technologies Can I Use to Encrypt Data on OBS?
- Will OBS Server-Side Encryption Encrypt My Existing Objects That Are Unencrypted?
- Will I Be Billed for the Encryption Provided by OBS Server-Side Encryption?
- Does OBS SSE-KMS Allow Anonymous Access?
- Are Additional Permissions Required When I Share an Object with SSE-OBS Encrypted?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore