Code Storage Principles
CodeArts Repo uses Huawei Cloud Scalable File Service (SFS) to store code data. When you create a file in CodeArts Repo, the encryption function is enabled by default.
Keys used by encrypted file systems are provided by the Key Management Service (KMS), which is secure and convenient. CodeArts Repo uses the cloud native capability of SFS to build and maintain the key management infrastructure.
When CodeArts Repo writes or reads repository data in SFS, SFS obtains the encryption and decryption key (AES-256 encryption algorithm) from KMS and automatically encrypts or decrypts the data.
As shown in the following figure, the encrypted write process of code data is " repository write > obtain encryption key > encrypted write", and the encrypted read process of code data is "repository read request > decryption key > data decryption > code data return"
Each phase of encrypted write of code data:
- Write to repository: When you submit and push code data, CodeArts Repo Server writes the code data to SFS.
- Obtain encryption key: SFS reads the stored encryption key from KMS to encrypt code data.
- Write with encryption: Use the encryption key to encrypt the code data and store the encrypted data to SFS.
Each phase of encrypted read of code data:
- Repository read request: A user initiates a request to download the repository.
- Decryption key: SFS reads the stored decryption key from KMS to decrypt code data.
- Data decryption: Use the decryption key to decrypt the code data.
- Return code data: Return the decrypted code data to the user.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
