Configuring Bucket Server-Side Encryption

You can configure server-side encryption for an OBS bucket. Once configured, any objects you upload to the bucket will be encrypted with the specified key by default.

You can enable encryption (by choosing SSE-KMS or SSE-OBS) when creating a bucket (see Creating a Bucket). You can also enable or disable encryption for an existing bucket.

OBS only encrypts the objects uploaded after server-side encryption is enabled for the bucket, and does not encrypt those uploaded before. After server-side encryption is disabled, encryption status of existing objects in the bucket remains unchanged, and you can still encrypt objects when you upload them.

Enabling Server-Side Encryption for a Bucket

In the navigation pane of OBS Console, choose Object Storage.
In the bucket list, click the bucket you want to operate to go to the Objects page.
In the navigation pane, choose Overview.
In the Basic Configurations area, click Server-Side Encryption. The Server-Side Encryption dialog box is displayed.
Choose SSE-KMS or SSE-OBS.

If you choose SSE-KMS for encryption, you must specify an encryption key type (Default or Custom). If Default is used, the default key of the current region will be used to encrypt your objects. If there is no such a default key, OBS creates one the first time you upload an object. If Custom is used, you can choose a custom key you created on the KMS console to encrypt your objects.

Figure 1 Choosing SSE-KMS for a bucket

When SSE-OBS is chosen, the keys created and managed by OBS are used for encryption.

Figure 2 Choosing SSE-OBS for a bucket
Click OK.

Disabling Server-Side Encryption for a Bucket

In the navigation pane of OBS Console, choose Object Storage.
In the bucket list, click the bucket you want to operate to go to the Objects page.
In the navigation pane, choose Overview.
In the Basic Configurations area, click Server-Side Encryption. The Server-Side Encryption dialog box is displayed.
Select Disable.

Figure 3 Disabling encryption for a bucket
Click OK.