vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/umn/obs_03_0322.html
zhangyue b55201d729 OBS UMN DOC 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-03-18 15:39:30 +00:00

48 lines
5.0 KiB
HTML
Raw Blame History

<a name="obs_03_0322"></a><a name="obs_03_0322"></a>
<h1 class="topictitle1">Uploading an Object in Server-Side Encryption Mode</h1>
<div id="body1499753333227"><p id="obs_03_0322__p47229409">OBS allows you to encrypt objects with server-side encryption so that the objects can be securely stored in OBS.</p>
<p id="obs_03_0322__p36042120417">In a bucket with server-side encryption disabled, objects uploaded to it are not encrypted by default, but you can configure server-side encryption for the objects when uploading them. In a bucket with server-side encryption enabled, objects uploaded to it can inherit the encryption settings of the bucket, and you can also separately configure encryption for the objects.</p>
<div class="section" id="obs_03_0322__section4247191810406"><h4 class="sectiontitle">Limitations and Constraints</h4><ul id="obs_03_0322__ul195776363401"><li id="obs_03_0322__li7577336174010">The object encryption status cannot be changed.</li><li id="obs_03_0322__li19577173644011">A key in use cannot be deleted. Otherwise, the object encrypted with this key cannot be downloaded.</li><li id="obs_03_0322__li166014535477">Objects encrypted on the server side cannot be shared.</li></ul>
</div>
<div class="section" id="obs_03_0322__s0d643ba8bc99487da02b86a7664d2605"><h4 class="sectiontitle">Prerequisites</h4><p id="obs_03_0322__aa0af249de5034728b787a097e2866e92">In the region where OBS is deployed, the <strong id="obs_03_0322__b17501648163">KMS Administrator</strong> permission has been added to the user group. For details about how to add permissions, see the <em id="obs_03_0322__i5440022175711">IAM User Guide</em>.</p>
<div class="note" id="obs_03_0322__note107819349249"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0322__p7342174617249">A custom KMS Policy with a minimum required set of allowed actions for users to be able to upload and download objects with Server-Side Encryption is:</p>
<pre class="screen" id="obs_03_0322__screen7837623162513">{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:dek:crypto",
"kms:dek:create",
"kms:cmk:get",
"kms:cmk:list",
"kms:cmk:generate",
"kms:cmk:crypto"
]
}
]
}</pre>
</div></div>
</div>
<div class="section" id="obs_03_0322__section16043441174915"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0322__ol10173245174915"><li id="obs_03_0322__li99821455306"><span>In the bucket list, click the bucket you want to operate. The <strong id="obs_03_0322__obs_03_0307_b144421021120">Overview</strong> page is displayed.</span></li><li id="obs_03_0322__li1733753692411"><span>In the navigation pane, choose <strong id="obs_03_0322__obs_03_0307_b51941856151917">Objects</strong>.</span></li><li id="obs_03_0322__li19771827250"><span>Click <strong id="obs_03_0322__b1862315018546">Upload Object</strong>. The <strong id="obs_03_0322__b14624105005416">Upload Object</strong> dialog box is displayed.</span></li><li id="obs_03_0322__l44ccecac0c874e978aaf39cb51f2aee3"><span>Add the files to be uploaded.</span></li><li id="obs_03_0322__lbc952448b05b47efb9b98c6b8b4f9cce"><span>Select <strong id="obs_03_0322__b1293516402362">KMS encryption</strong> and select a key that you have created on KMS.</span><p><div class="note" id="obs_03_0322__note1129514211218"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0322__obs_03_0307_obs_03_0306_p062133814520">If the default encryption has been enabled for the bucket, uploaded objects are automatically encrypted.</p>
</div></div>
<p id="obs_03_0322__p11270155115810">After <strong id="obs_03_0322__b1008897288">KMS encryption</strong> is selected, <strong id="obs_03_0322__b1374619710">obs/default</strong> is selected by default as the key for the encryption. You can also click <strong id="obs_03_0322__b382915177561">Create KMS Key</strong> to switch to the KMS management console and create a customer master key. Then go back to OBS Console and select the key from the drop-down list.</p>
<div class="fignone" id="obs_03_0322__fig14151753141216"><span class="figcap"><b>Figure 1 </b>Encrypting an object to be uploaded</span><br><span><img id="obs_03_0322__image318851011919" src="en-us_image_0130187638.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="obs_03_0322__li12125192695311"><span>Click <strong id="obs_03_0322__b2095194211233">Upload</strong>.</span><p><p id="obs_03_0322__p1031815541623">After the object is uploaded, you can view its encryption status on its details page.</p>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0321.html">Server-Side Encryption</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink