Updated on 2024-04-01 GMT+08:00

Configuring Bucket Default Encryption

OBS allows you to configure default encryption for a bucket. After default encryption is enabled for a bucket, objects uploaded to it are automatically encrypted using the specified key, making data storage more secure.

You can enable default encryption (by choosing SSE-KMS or SSE-OBS) when creating a bucket (see Creating a Bucket), or enable or disable it after the bucket is created.

OBS encrypts only the objects uploaded after default encryption is enabled for the bucket. Objects uploaded before that are not encrypted. After you disable a bucket's default encryption, the encryption status of existing objects remains unchanged, and you can still encrypt objects individually when uploading them to the bucket.
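
Because of this rule, a bucket can hold a mix of encrypted and unencrypted objects. The following added example (not part of the OBS documentation or SDK) audits an object inventory against the history of default encryption changes; the record fields `key`, `uploaded` and `sse`, the group names, and all sample data are constructed for illustration and would in practice come from your own object listing and audit records.

```python
from datetime import datetime

# Constructed history of default-encryption changes: (time, mode); None = disabled.
TIMELINE = [
    (datetime(2024, 1, 10), "SSE-KMS"),
    (datetime(2024, 3, 1), None),
]

# Constructed inventory; field names are assumptions, not OBS API fields.
OBJECTS = [
    {"key": "reports/2023-q4.csv", "uploaded": datetime(2023, 12, 20), "sse": None},
    {"key": "reports/2024-01.csv", "uploaded": datetime(2024, 1, 15), "sse": "SSE-KMS"},
    {"key": "logs/app.log", "uploaded": datetime(2024, 2, 2), "sse": None},
    {"key": "backup/db.dump", "uploaded": datetime(2024, 3, 5), "sse": "SSE-OBS"},
    {"key": "tmp/scratch.bin", "uploaded": datetime(2024, 3, 6), "sse": None},
]

def default_mode_at(timeline, when):
    """Return the default encryption mode in force at `when` (None if disabled)."""
    mode = None
    for changed_at, new_mode in sorted(timeline, key=lambda e: e[0]):
        if changed_at > when:
            break
        mode = new_mode
    return mode

def audit(objects, timeline):
    """Group object keys by how their status relates to the bucket default at upload time."""
    report = {"matches_default": [], "encrypted_per_upload": [],
              "unencrypted_default_off": [], "unencrypted_unexpected": []}
    for obj in objects:
        default = default_mode_at(timeline, obj["uploaded"])
        if obj["sse"] is None:
            # Plaintext is expected only while default encryption was off.
            group = "unencrypted_unexpected" if default else "unencrypted_default_off"
        elif obj["sse"] == default:
            group = "matches_default"
        else:
            # Encrypted with a mode chosen at upload rather than the bucket default.
            group = "encrypted_per_upload"
        report[group].append(obj["key"])
    return report

if __name__ == "__main__":
    for group, keys in audit(OBJECTS, TIMELINE).items():
        print(f"{group}: {keys}")
```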

Enabling Default Encryption for a Bucket

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the bucket you want to operate on to go to the Objects page.
  3. In the navigation pane, choose Overview.
  4. In the Basic Configurations area, click Default Encryption. The Default Encryption dialog box is displayed.
  5. Choose SSE-KMS or SSE-OBS.

    If you choose SSE-KMS for encryption, you must specify an encryption key type (Default or Custom). If Default is used, the default key of the current region is used to encrypt your objects. If no such default key exists, OBS creates one the first time you upload an object. If Custom is used, you can choose a custom key that you created on the KMS console to encrypt your objects.

    Figure 1 Choosing SSE-KMS for a bucket

    If you choose SSE-OBS, keys created and managed by OBS are used for encryption.

    Figure 2 Choosing SSE-OBS for a bucket

  6. Click OK.

Disabling Default Encryption for a Bucket

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the bucket you want to operate on to go to the Objects page.
  3. In the navigation pane, choose Overview.
  4. In the Basic Configurations area, click Default Encryption. The Default Encryption dialog box is displayed.
  5. Select Disable.

    Figure 3 Disabling encryption for a bucket

  6. Click OK.