doc-exports/docs/obs/umn/obs_03_0322.html
weihongmin1 cd7925dbd2 OBS UMN 1210 Version
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: weihongmin1 <weihongmin1@huawei.com>
Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
2025-12-10 14:10:07 +00:00


<a name="obs_03_0322"></a><a name="obs_03_0322"></a>
<h1 class="topictitle1">Enabling Server-Side Encryption When Uploading an Object</h1>
<div id="body1499753333227"><p id="obs_03_0322__p47229409">OBS allows you to encrypt objects with server-side encryption so that the objects can be securely stored in <span id="obs_03_0322__ph18231025193512">OBS</span>.</p>
<p id="obs_03_0322__p36042120417">When you upload an object to a bucket with <span id="obs_03_0322__ph1865519323262">server-side encryption</span> disabled, you can separately configure <span id="obs_03_0322__ph176121059164610">server-side encryption</span> for the object. If the bucket has <span id="obs_03_0322__ph12163134711354">server-side encryption</span> enabled, the object you upload inherits encryption from the bucket by default. You can also configure new encryption for the object.</p>
<div class="section" id="obs_03_0322__section4247191810406"><h4 class="sectiontitle">Constraints</h4><ul id="obs_03_0322__ul195776363401"><li id="obs_03_0322__li7577336174010">The object encryption status cannot be changed.</li><li id="obs_03_0322__li19577173644011">A key that is in use must not be deleted. Otherwise, objects encrypted with this key cannot be downloaded.</li><li id="obs_03_0322__li166014535477">Objects encrypted on the server side cannot be shared.</li></ul>
</div>
<div class="section" id="obs_03_0322__s0d643ba8bc99487da02b86a7664d2605"><h4 class="sectiontitle">Prerequisites</h4><p id="obs_03_0322__aa0af249de5034728b787a097e2866e92">In the region where OBS is deployed, the <strong id="obs_03_0322__b17501648163">KMS Administrator</strong> permission has been added to the user group. For details about how to add permissions, see the <em id="obs_03_0322__i5440022175711">IAM User Guide</em>.</p>
<div class="note" id="obs_03_0322__note107819349249"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0322__p7342174617249">The following custom KMS policy contains the minimum set of allowed actions that users need to upload and download objects with server-side encryption:</p>
<pre class="screen" id="obs_03_0322__screen7837623162513">{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kms:dek:crypto",
                "kms:dek:create",
                "kms:cmk:get",
                "kms:cmk:list",
                "kms:cmk:generate",
                "kms:cmk:crypto"
            ]
        }
    ]
}</pre>
</div></div>
</div>
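<p>The following added example (not part of the original OBS documentation) audits a custom policy document against the minimum KMS action set in the note above, reporting required actions that are missing or denied and allowed KMS patterns that exceed the minimum. The function name, the constructed sample policy, and the assumptions that <code>*</code> in an action name acts as a wildcard and that an explicit Deny overrides an Allow are illustrative and not taken from this page.</p>

```python
import json
from fnmatch import fnmatchcase

# Minimum action set, copied from the policy in the note above.
REQUIRED_ACTIONS = frozenset({
    "kms:dek:crypto", "kms:dek:create", "kms:cmk:get",
    "kms:cmk:list", "kms:cmk:generate", "kms:cmk:crypto",
})

# The page's policy, and a constructed policy that is both too broad and incomplete.
PAGE_POLICY = json.dumps({"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": sorted(REQUIRED_ACTIONS)}]})
CONSTRUCTED_POLICY = json.dumps({"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["kms:cmk:*", "kms:dek:crypto"]},
    {"Effect": "Deny", "Action": ["kms:cmk:crypto"]}]})


def _actions(statement):
    """Return the statement's actions as a list (a single string is allowed)."""
    value = statement.get("Action", [])
    return [value] if isinstance(value, str) else list(value)


def audit_kms_policy(policy_json):
    """Compare a custom policy with the minimum SSE-KMS action set.

    Assumptions: '*' in an action name matches any run of characters,
    and an explicit Deny takes precedence over an Allow.
    """
    statements = json.loads(policy_json).get("Statement", [])
    allow = [a for s in statements if s.get("Effect") == "Allow" for a in _actions(s)]
    deny = [a for s in statements if s.get("Effect") == "Deny" for a in _actions(s)]

    def matched(action, patterns):
        return any(fnmatchcase(action, p) for p in patterns)

    return {
        # Actions the page lists as required that no Allow statement grants.
        "missing": sorted(a for a in REQUIRED_ACTIONS if not matched(a, allow)),
        # Required actions that a Deny statement also matches.
        "denied": sorted(a for a in REQUIRED_ACTIONS if matched(a, deny)),
        # Allowed KMS patterns that go beyond the minimum set.
        "excess": sorted({p for p in allow if p not in REQUIRED_ACTIONS
                          and p.startswith(("kms:", "*"))}),
    }


if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("constructed", CONSTRUCTED_POLICY)):
        print(name, audit_kms_policy(doc))
```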
<div class="section" id="obs_03_0322__section16043441174915"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0322__ol10173245174915"><li id="obs_03_0322__li11242915363"><span>In the bucket list, click the bucket you want to operate on to go to the <strong id="obs_03_0322__obs_03_0307_b5948183711913">Objects</strong> page.</span></li><li id="obs_03_0322__li19771827250"><span>Click <strong id="obs_03_0322__b1862315018546">Upload Object</strong>. The <strong id="obs_03_0322__b14624105005416">Upload Object</strong> dialog box is displayed.</span></li><li id="obs_03_0322__l44ccecac0c874e978aaf39cb51f2aee3"><span>Add the files to be uploaded.</span></li><li id="obs_03_0322__li179281758123714"><span>Choose <strong id="obs_03_0322__b1093912021517">SSE-KMS</strong>. You can select the default key in the current region to encrypt the objects you upload to the bucket. If you do not have a default key, OBS automatically creates one the first time you upload an object. You can also choose <strong id="obs_03_0322__b55841871834">Custom</strong> to use a custom key for encryption. If there is no custom key available, click <strong id="obs_03_0322__b205851871335">Create KMS Key</strong> to create one on the <span id="obs_03_0322__ph16586771319">KMS</span> console. Then, go back here and choose the created key from the drop-down list.</span><p><div class="note" id="obs_03_0322__note38259571352"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0322__p168251957113515">If the bucket has <span id="obs_03_0322__ph4158449133514">server-side encryption</span> configured, the object you upload will inherit encryption from the bucket by default.</p>
</div></div>
<div class="fignone" id="obs_03_0322__fig6980161282015"><span class="figcap"><b>Figure 1 </b>Encrypting an object to be uploaded</span><br><span><img id="obs_03_0322__image17981161216209" src="en-us_image_0000002113097516.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="obs_03_0322__li12125192695311"><span>Click <strong id="obs_03_0322__b2095194211233">Upload</strong>.</span><p><p id="obs_03_0322__p1031815541623">After the object is uploaded, you can view its encryption status on its details page.</p>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0321.html">Server-Side Encryption</a></div>
</div>
</div>