Configuring Bucket Encryption
Functions
OBS uses the PUT method to create or update the default server-side encryption for a bucket.
After you configure encryption for a bucket, objects uploaded to this bucket will be encrypted with the bucket encryption settings you specified. Currently, OBS supports server-side encryption with KMS-managed keys (SSE-KMS) and OBS-managed keys (SSE-OBS). For details, see Server-Side Encryption.
To perform this operation, you must have the PutEncryptionConfiguration permission. By default, the bucket owner has this permission and can grant it to others.
For more information about permission control, see the permission control in the OBS Permission Configuration Guide.
Request Syntax (SSE-KMS AES256)
```
PUT /?encryption HTTP/1.1
User-Agent: curl/7.29.0
Host: bucketname.obs.region.myhuaweicloud.com
Accept: */*
Date: date
Authorization: authorization string
Content-Length: length

<ServerSideEncryptionConfiguration>
    <Rule>
        <ApplyServerSideEncryptionByDefault>
            <SSEAlgorithm>kms</SSEAlgorithm>
            <KMSMasterKeyID>kmskeyid-value</KMSMasterKeyID>
        </ApplyServerSideEncryptionByDefault>
    </Rule>
</ServerSideEncryptionConfiguration>
```
Request Syntax (SSE-OBS)
```
PUT /?encryption HTTP/1.1
User-Agent: curl/7.29.0
Host: bucketname.obs.region.myhuaweicloud.com
Accept: */*
Date: date
Authorization: authorization string
Content-Length: length

<ServerSideEncryptionConfiguration>
    <Rule>
        <ApplyServerSideEncryptionByDefault>
            <SSEAlgorithm>AES256</SSEAlgorithm>
        </ApplyServerSideEncryptionByDefault>
    </Rule>
</ServerSideEncryptionConfiguration>
```
Request Parameters
This request contains no message parameters.
Request Headers
This request uses common headers. For details, see Table 3.
Request Elements
In this request, you need to carry the bucket encryption configuration in the request body. The bucket encryption configuration information is uploaded in the XML format. Table 1 lists the configuration elements.
Parameter | Mandatory (Yes/No) | Type | Description |
---|---|---|---|
ServerSideEncryptionConfiguration | Yes | Container | Definition: Root element of the default bucket encryption configuration. ServerSideEncryptionConfiguration is the parent node of Rule. Constraints: None Range: None Default value: None |
Rule | Yes | Container | Definition: The child element of the default bucket encryption configuration. Rule is the parent node of ApplyServerSideEncryptionByDefault. Constraints: None Range: For details, see Rule parameters. Default value: None |

Parameter | Mandatory (Yes/No) | Type | Description |
---|---|---|---|
ApplyServerSideEncryptionByDefault | Yes | Container | Definition: The child element of the default bucket encryption configuration. Constraints: None Range: For details, see Table 3. Default value: None |

Parameter | Mandatory (Yes/No) | Type | Description |
---|---|---|---|
SSEAlgorithm | Yes | String | Definition: Server-side encryption algorithm used for the default encryption configuration of a bucket. Constraints: None Range: Default value: None |
KMSMasterKeyID | No | String | Definition: KMS master key ID used in SSE-KMS encryption. Constraints: Range: In the preceding formats: Default value: None |
ProjectID | No | String | Definition: ID of the project where the KMS master key belongs when SSE-KMS is used. Constraints: Range: Project ID that matches KMSMasterKeyID, that is, the ID of the project to which the master key with the specified KMSMasterKeyID belongs Default value: None |

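
An added example, not part of the OBS documentation: a Python check that a request body follows the element tables above before it is sent, and optionally that it pins default encryption to one KMS key. The `ALGORITHMS` set is taken from the two request syntaxes on this page; the KMSMasterKeyID/ProjectID consistency checks, the `required_key_id` policy and all function names are this example's own assumptions, and the sample body is constructed.

```python
import xml.etree.ElementTree as ET

# Algorithm values as they appear in the two request syntaxes on this page.
ALGORITHMS = {"kms", "AES256"}

def _local(tag):
    """Drop the namespace prefix that the sample requests put on every element."""
    return tag.rsplit("}", 1)[-1]

def _only_child(parent, name, findings):
    """Return the single child named `name`, or record a finding and return None."""
    hits = [c for c in parent if _local(c.tag) == name]
    if len(hits) != 1:
        findings.append(f"{_local(parent.tag)}: expected one {name}, found {len(hits)}")
        return None
    return hits[0]

def check_encryption_config(xml_text, required_key_id=None):
    """Return a list of findings for a request body; an empty list means it passed.
    required_key_id is a hypothetical local policy (assumption): when set, the
    body must select SSE-KMS with exactly that KMSMasterKeyID."""
    findings = []
    node = ET.fromstring(xml_text)
    if _local(node.tag) != "ServerSideEncryptionConfiguration":
        return [f"unexpected root element {_local(node.tag)}"]
    # Walk the mandatory container chain from Table 1 and the Rule parameters.
    for name in ("Rule", "ApplyServerSideEncryptionByDefault"):
        node = _only_child(node, name, findings)
        if node is None:
            return findings
    fields = {_local(c.tag): (c.text or "").strip() for c in node}
    algorithm = fields.get("SSEAlgorithm")
    if algorithm not in ALGORITHMS:
        findings.append(f"SSEAlgorithm missing or not recognised: {algorithm!r}")
    if algorithm != "kms" and "KMSMasterKeyID" in fields:
        findings.append("KMSMasterKeyID set but SSEAlgorithm is not kms")
    if "ProjectID" in fields and "KMSMasterKeyID" not in fields:
        findings.append("ProjectID set without a KMSMasterKeyID to match")
    if required_key_id and (algorithm, fields.get("KMSMasterKeyID")) != ("kms", required_key_id):
        findings.append("policy: default encryption does not use the required KMS key")
    return findings

# Constructed sample: an SSE-OBS body that also carries a stray key ID.
SAMPLE = """<ServerSideEncryptionConfiguration><Rule><ApplyServerSideEncryptionByDefault>
<SSEAlgorithm>AES256</SSEAlgorithm><KMSMasterKeyID>placeholder-key-id</KMSMasterKeyID>
</ApplyServerSideEncryptionByDefault></Rule></ServerSideEncryptionConfiguration>"""

print(check_encryption_config(SAMPLE, required_key_id="placeholder-key-id"))
```
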
Response Syntax
```
HTTP/1.1 status_code
Date: date
Content-Length: length
```
Response Headers
The response to the request uses common headers. For details, see Table 1.
Response Elements
This response contains no elements.
Error Responses
No special error responses are returned. For details about error responses, see Table 2.
Sample Request (SSE-KMS AES256)
```
PUT /?encryption HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.myhuaweicloud.com
Accept: */*
Date: Thu, 21 Feb 2019 03:05:34 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:DpSAlmLX/BTdjxU5HOEwflhM0WI=
Content-Length: 778

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/">
    <Rule>
        <ApplyServerSideEncryptionByDefault>
            <SSEAlgorithm>kms</SSEAlgorithm>
            <KMSMasterKeyID>4f1cd4de-ab64-4807-920a-47fc42e7f0d0</KMSMasterKeyID>
        </ApplyServerSideEncryptionByDefault>
    </Rule>
</ServerSideEncryptionConfiguration>
```
Sample Response (SSE-KMS AES256)
```
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF26000001643670AC06E7B9A7767921
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSvK6z8HV6nrJh49gsB5vqzpgtohkiFm
Date: Thu, 21 Feb 2019 03:05:34 GMT
Content-Length: 0
```
Sample Request (SSE-OBS)
```
PUT /?encryption HTTP/1.1
User-Agent: curl/7.29.0
Host: bucketname.obs.region.myhuaweicloud.com
Accept: */*
Date: Thu, 21 Feb 2019 03:05:34 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:DpSAlmLX/BTdjxU5HOEwflhM0WI=
Content-Length: 778

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/">
    <Rule>
        <ApplyServerSideEncryptionByDefault>
            <SSEAlgorithm>AES256</SSEAlgorithm>
        </ApplyServerSideEncryptionByDefault>
    </Rule>
</ServerSideEncryptionConfiguration>
```
Sample Response (SSE-OBS)
```
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF26000001643670AC06E7B9A7767921
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSvK6z8HV6nrJh49gsB5vqzpgtohkiFm
Date: Thu, 21 Feb 2019 03:05:34 GMT
Content-Length: 0
```