Enabling Server-Side Encryption When Uploading an Object
OBS allows you to encrypt objects with server-side encryption so that the objects can be securely stored in OBS.
When you upload an object to a bucket with default encryption disabled, you can configure encryption for that object individually. If the bucket has default encryption enabled, the object you upload inherits encryption from the bucket by default. You can also configure new encryption settings for the object.
Constraints
- The object encryption status cannot be changed.
- A key that is in use must not be deleted. Otherwise, objects encrypted with this key cannot be downloaded.
Prerequisites
In the region where OBS is deployed, the KMS Administrator permission has been added to the user group. For details about how to add permissions, see the IAM User Guide.
Procedure
- In the bucket list, click the bucket you want to operate on. The Overview page is displayed.
- In the navigation pane, choose Objects.
- Click Upload Object. The Upload Object dialog box is displayed.
- Add the files to be uploaded.
- Enable KMS encryption and select a key that you have created on KMS.
  If the bucket has default encryption enabled, any object you upload will inherit the KMS encryption from the bucket by default.
  After KMS encryption is selected, obs/default is selected by default as the key for the encryption. You can also click Create KMS Key to switch to the KMS management console and create a customer master key. Then go back to OBS Console and select the key from the drop-down list.
- Click Upload.
After the object is uploaded, you can view its encryption status on its details page.
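The following is an added example, not part of the original page or of OBS itself: a script that inventories which key each object is encrypted with, so you can check encryption status in bulk and see which objects would become undownloadable before a key is deleted. Assumptions: the header names are the OBS API's SSE-KMS response headers (they do not appear on this page), the metadata is constructed sample data, and an object with KMS encryption but no reported key ID is treated as using obs/default.

```python
from collections import defaultdict

# OBS API response headers for SSE-KMS (assumption: not shown on this page).
SSE_HEADER = "x-obs-server-side-encryption"
KEY_HEADER = "x-obs-server-side-encryption-kms-key-id"
DEFAULT_KEY = "obs/default"  # default key name used by the console


def key_label(headers):
    """Return the key an object depends on, or a label for non-KMS objects."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    mode = h.get(SSE_HEADER, "").lower()
    if not mode:
        return "unencrypted"
    if mode != "kms":
        return "other:" + mode
    # Assumption: KMS mode without a reported key ID means the default key.
    return h.get(KEY_HEADER) or DEFAULT_KEY


def inventory(objects):
    """Group object names by the label returned from key_label()."""
    groups = defaultdict(list)
    for name, headers in objects.items():
        groups[key_label(headers)].append(name)
    return {label: sorted(names) for label, names in groups.items()}


def blocked_by_deletion(objects, key_id):
    """Objects that could no longer be downloaded if key_id were deleted."""
    return inventory(objects).get(key_id, [])


# Constructed sample metadata (not real objects or key IDs).
SAMPLE = {
    "reports/q1.csv": {"x-obs-server-side-encryption": "kms",
                       "x-obs-server-side-encryption-kms-key-id": "EXAMPLE-KEY-ID-1"},
    "reports/q2.csv": {"X-Obs-Server-Side-Encryption": "kms"},
    "logs/app.log": {"Content-Type": "text/plain"},
    "img/logo.png": {"X-OBS-Server-Side-Encryption": "KMS",
                     "X-OBS-Server-Side-Encryption-Kms-Key-Id": "EXAMPLE-KEY-ID-1"},
}

if __name__ == "__main__":
    for label, names in sorted(inventory(SAMPLE).items()):
        print(label, names)
```

In practice the header dictionaries would come from each object's metadata response rather than from the inline sample.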