vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/s3api/en-us_topic_0000001080838596.html
Jawei, Li 1a4c1a720a OBS s3api 2.0.38.SP5 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Jawei, Li <lijiawei5@huawei.com>
Co-committed-by: Jawei, Li <lijiawei5@huawei.com>
2022-11-16 14:51:13 +00:00

182 lines
13 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001080838596"></a><a name="EN-US_TOPIC_0000001080838596"></a>
<h1 class="topictitle1">PUT Bucket Encryption</h1>
<div id="body0000001080838596"><p id="EN-US_TOPIC_0000001080838596__p199653120135">OBS uses the PUT method to create or update the default server-side encryption for a bucket.</p>
<p id="EN-US_TOPIC_0000001080838596__p15667131417392">After encryption is enabled for a bucket, objects uploaded to the bucket are encrypted with the encryption configuration the bucket. Currently, it only supports the server-side encryption using keys hosted by KMS (SSE-KMS). For details about SSE-KMS, see <a href="en-us_topic_0125560445.html">SSE-KMS</a>.</p>
<p id="EN-US_TOPIC_0000001080838596__p55541638152311">To perform this operation, you must have the <strong id="EN-US_TOPIC_0000001080838596__b385714265271">s3:PutEncryptionConfiguration</strong> permission. By default, the bucket owner has this permission and can assign this permission to other users.</p>
<div class="section" id="EN-US_TOPIC_0000001080838596__section57518732"><h4 class="sectiontitle">Request Syntax</h4><div class="codecoloring" codetype="Xml" id="EN-US_TOPIC_0000001080838596__screen656246211548"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16</pre></div></td><td class="code"><div class="highlight"><pre><span></span>PUT /?encryption HTTP/1.1
User-Agent: curl/7.29.0
Host: bucketname.obs.region.example.com
Accept: */*
Date: date
Authorization: authorization string
Content-Length: length
<span class="nt">&lt;ServerSideEncryptionConfiguration&gt;</span>
<span class="nt">&lt;Rule&gt;</span>
<span class="nt">&lt;ApplyServerSideEncryptionByDefault&gt;</span>
<span class="nt">&lt;SSEAlgorithm&gt;</span>aws:kms<span class="nt">&lt;/SSEAlgorithm&gt;</span>
<span class="nt">&lt;KMSMasterKeyID&gt;</span>kmskeyid-value<span class="nt">&lt;/KMSMasterKeyID&gt;</span>
<span class="nt">&lt;/ApplyServerSideEncryptionByDefault&gt;</span>
<span class="nt">&lt;/Rule&gt;</span>
<span class="nt">&lt;/ServerSideEncryptionConfiguration&gt;</span>
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="EN-US_TOPIC_0000001080838596__section47906541"><h4 class="sectiontitle">Request Parameters</h4><p class="msonormal" id="EN-US_TOPIC_0000001080838596__p66660433">This request contains no parameter.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001080838596__section28505693"><h4 class="sectiontitle">Request Headers</h4><p class="msonormal" id="EN-US_TOPIC_0000001080838596__p30785969">This request uses common headers. For details about common request headers, see the section <a href="en-us_topic_0125560462.html">Common Request Headers</a>.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001080838596__section55224652"><h4 class="sectiontitle">Request Elements</h4><p id="EN-US_TOPIC_0000001080838596__p13726103911272">In this request, you need to carry the bucket encryption configuration in the request body. The bucket encryption configuration information is uploaded in the XML format. <a href="#EN-US_TOPIC_0000001080838596__table1181123018399">Table 1</a> lists the configuration elements.</p>
<div class="tablenoborder"><a name="EN-US_TOPIC_0000001080838596__table1181123018399"></a><a name="table1181123018399"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001080838596__table1181123018399" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuration elements of bucket encryption</caption><thead align="left"><tr id="EN-US_TOPIC_0000001080838596__row2018917307393"><th align="left" class="cellrowborder" valign="top" width="32.95%" id="mcps1.3.7.3.2.4.1.1"><p id="EN-US_TOPIC_0000001080838596__p19190143043913">Header</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="56.57%" id="mcps1.3.7.3.2.4.1.2"><p id="EN-US_TOPIC_0000001080838596__p019273012397">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="10.48%" id="mcps1.3.7.3.2.4.1.3"><p id="EN-US_TOPIC_0000001080838596__p2195113033915">Mandatory</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001080838596__row7197230193913"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.7.3.2.4.1.1 "><p id="EN-US_TOPIC_0000001080838596__p125361017184212">ServerSideEncryptionConfiguration</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.7.3.2.4.1.2 "><p id="EN-US_TOPIC_0000001080838596__p6536111718422">Root element of the default encryption configuration of a bucket.</p>
<p id="EN-US_TOPIC_0000001080838596__p85368172423">Type: element</p>
<p id="EN-US_TOPIC_0000001080838596__p125365178429">Ancestor: none</p>
<p id="EN-US_TOPIC_0000001080838596__p1555484273118">Children: Rule</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.7.3.2.4.1.3 "><p id="EN-US_TOPIC_0000001080838596__p553681720423">Yes</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001080838596__row12641636422"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.7.3.2.4.1.1 "><p id="EN-US_TOPIC_0000001080838596__p3911152616425">Rule</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.7.3.2.4.1.2 "><p id="EN-US_TOPIC_0000001080838596__p591252604217">Sub-element of the default encryption configuration of a bucket.</p>
<p id="EN-US_TOPIC_0000001080838596__p391202634216">Type: element</p>
<p id="EN-US_TOPIC_0000001080838596__p4912142604210">Root element: ServerSideEncryptionConfiguration</p>
<p id="EN-US_TOPIC_0000001080838596__p83382043312">Sub-element: ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.7.3.2.4.1.3 "><p id="EN-US_TOPIC_0000001080838596__p3912326144211">Yes</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001080838596__row944320444211"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.7.3.2.4.1.1 "><p id="EN-US_TOPIC_0000001080838596__p163325395428">ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.7.3.2.4.1.2 "><p id="EN-US_TOPIC_0000001080838596__p8333639114218">Sub-element of the default encryption configuration of a bucket.</p>
<p id="EN-US_TOPIC_0000001080838596__p1233323919429">Type: element</p>
<p id="EN-US_TOPIC_0000001080838596__p0333163974214">Ancestor: Rule</p>
<p id="EN-US_TOPIC_0000001080838596__p2559123813510">Children: SSEAlgorithm, KMSMasterKeyID</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.7.3.2.4.1.3 "><p id="EN-US_TOPIC_0000001080838596__p333319390424">Yes</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001080838596__row1314615104218"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.7.3.2.4.1.1 "><p id="EN-US_TOPIC_0000001080838596__p11495174818425">SSEAlgorithm</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.7.3.2.4.1.2 "><p id="EN-US_TOPIC_0000001080838596__p74952488427">Server-side encryption algorithm used for the default encryption configuration of a bucket.</p>
<p id="EN-US_TOPIC_0000001080838596__p1349514814423">Type: string</p>
<p id="EN-US_TOPIC_0000001080838596__p149512481428">Valid values: <strong id="EN-US_TOPIC_0000001080838596__b1580671512436">aws:kms</strong></p>
<p id="EN-US_TOPIC_0000001080838596__p1089135793715">Root element: ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.7.3.2.4.1.3 "><p id="EN-US_TOPIC_0000001080838596__p18495154864216">Yes</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001080838596__row13866105154213"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.7.3.2.4.1.1 "><p id="EN-US_TOPIC_0000001080838596__p196161654134219"><span style="color:#444444;">KMSMasterKeyID</span></p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.7.3.2.4.1.2 "><p id="EN-US_TOPIC_0000001080838596__p19616854174215">Customer master key (CMK) used in SSE-KMS encryption mode. If you do not specify this header, the default master key will be used.</p>
<p id="EN-US_TOPIC_0000001080838596__p7616135414424">Type: string</p>
<p id="EN-US_TOPIC_0000001080838596__p6679135313114">Valid value formats are as follows:</p>
<ol id="EN-US_TOPIC_0000001080838596__ol28871657184419"><li id="EN-US_TOPIC_0000001080838596__li388775774418"><em id="EN-US_TOPIC_0000001080838596__i1860613405">regionID:domainID (account ID)</em>:key/<em id="EN-US_TOPIC_0000001080838596__i143414910018">key_id</em></li><li id="EN-US_TOPIC_0000001080838596__li1216183134518">key_id</li></ol>
<p id="EN-US_TOPIC_0000001080838596__p558627121315"><strong id="EN-US_TOPIC_0000001080838596__b82501231174610">regionID</strong> is the ID of the region to which the key belongs. <strong id="EN-US_TOPIC_0000001080838596__b225117317461">domainID</strong> is the account ID of the tenant to which the key belongs. <strong id="EN-US_TOPIC_0000001080838596__b72521131104617">key_id</strong> is the key ID created with the Key Management Service(KMS).</p>
<p id="EN-US_TOPIC_0000001080838596__p2616105415423">Root element: ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.7.3.2.4.1.3 "><p id="EN-US_TOPIC_0000001080838596__p11616115484210">No</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0000001080838596__section46270551"><h4 class="sectiontitle">Response Syntax</h4><div class="codecoloring" codetype="Xml" id="EN-US_TOPIC_0000001080838596__screen34072248"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3</pre></div></td><td class="code"><div class="highlight"><pre><span></span>HTTP/1.1 status_code
Date: date
Content-Length: length
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="EN-US_TOPIC_0000001080838596__section13781782"><h4 class="sectiontitle">Response Headers</h4><p class="msonormal" id="EN-US_TOPIC_0000001080838596__p4179377">This response uses common headers. For details about common response headers, see the section <a href="en-us_topic_0125560484.html">Common Response Headers</a>.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001080838596__section56927182"><h4 class="sectiontitle">Response Elements</h4><p id="EN-US_TOPIC_0000001080838596__p2025715391222">This response involves no elements.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001080838596__section42582590"><h4 class="sectiontitle">Error Responses</h4><p id="EN-US_TOPIC_0000001080838596__p2085119481221">No special error responses are returned. For details about error responses, see <a href="en-us_topic_0125560440.html#EN-US_TOPIC_0125560440__table30733758">Table 1</a>.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001080838596__section32323009"><h4 class="sectiontitle">Sample Request</h4><div class="codecoloring" codetype="Xml" id="EN-US_TOPIC_0000001080838596__screen8484163863919"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17</pre></div></td><td class="code"><div class="highlight"><pre><span></span>PUT /?encryption HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.example.com
Accept: */*
Date: Thu, 21 Feb 2019 03:05:34 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:DpSAlmLX/BTdjxU5HOEwflhM0WI=
Content-Length: 778
<span class="cp">&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;yes&quot;?&gt;</span>
<span class="nt">&lt;ServerSideEncryptionConfiguration</span> <span class="na">xmlns=</span><span class="s">&quot;http://obs.region.example.com/doc/2015-06-30/&quot;</span><span class="nt">&gt;</span>
<span class="nt">&lt;Rule&gt;</span>
<span class="nt">&lt;ApplyServerSideEncryptionByDefault&gt;</span>
<span class="nt">&lt;SSEAlgorithm&gt;</span>aws:kms<span class="nt">&lt;/SSEAlgorithm&gt;</span>
<span class="nt">&lt;KMSMasterKeyID&gt;</span>4f1cd4de-ab64-4807-920a-47fc42e7f0d0<span class="nt">&lt;/KMSMasterKeyID&gt;</span>
<span class="nt">&lt;/ApplyServerSideEncryptionByDefault&gt;</span>
<span class="nt">&lt;/Rule&gt;</span>
<span class="nt">&lt;/ServerSideEncryptionConfiguration&gt;</span>
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="EN-US_TOPIC_0000001080838596__section22471632"><h4 class="sectiontitle">Sample Response</h4><div class="codecoloring" codetype="Xml" id="EN-US_TOPIC_0000001080838596__screen8485113814"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4
5
6</pre></div></td><td class="code"><div class="highlight"><pre><span></span>HTTP/1.1 200 OK
Server: OBS
x-amz-request-id: BF26000001643670AC06E7B9A7767921
x-amz-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSvK6z8HV6nrJh49gsB5vqzpgtohkiFm
Date: Thu, 21 Feb 2019 03:05:34 GMT
Content-Length: 0
</pre></div>
</td></tr></table></div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0125560493.html">Operations on Buckets</a></div>
</div>
</div>
View Git Blame Copy Permalink