Updated on 2024-09-10 GMT+08:00

Data Protection

SWR takes different measures to keep the data stored in SWR secure and reliable.

Table 1 Data protection measures

Measure

Description

Reference

Transmission encryption (HTTPS)

To ensure secure data transmission, SWR supports only HTTPS.

Making an API Request

Static data encryption

SWR Enterprise Edition uses Key Management Service (KMS) to encrypt images. After OBS bucket encryption is enabled, KMS keys are used to automatically encrypt images uploaded to OBS buckets. This will improve data security.

/

Data redundancy

By default, SWR user metadata and image data are stored in multiple AZs in the same region. If one AZ becomes unavailable, data can still be properly accessed from the other AZs. The multi-AZ storage is ideal for scenarios that demand high reliability.

N/A

Data integrity verification (SHA256)

During image push or pull, data may become inconsistent due to network hijacking, caching, and other reasons. SWR verifies data consistency by calculating the SHA256 value when data is uploaded or downloaded.

Uploading an Image Through a Container Engine Client

Cross-region replication

You can configure cross-region replication rules to automatically, asynchronously replicate images from a source repository to a destination repository in another region. This provides you with disaster recovery across regions, catering to your needs for remote backup.

Configuring Automatic Image Synchronization Between Regions

Image retention policy

You can keep multiple tags of an image for quickly retrieving and restoring an image tag, or recovering data from both accidental actions and application failures.

Adding an Image Retention Policy