Figure 4 Encrypting data in OBS
OBS uses the encryption key provided by KMS. You can select any of the following keys:
Default key obs/default. If you do not have a default key, OBS automatically creates one when you upload an object for the first time.
Step 2: Creating a Key
With KMS, you can create keys and use the keys to encrypt files to be uploaded on the OBS server.
Step 3: Uploading Files to an OBS Bucket
Upload files to the OBS bucket and use the KMS key to encrypt the files.
Advantages
Extensive Service Integration
By integrating with OBS, EVS, and IMS, you can use KMS to manage the keys of the services or use KMS APIs to encrypt and decrypt local data.
Table 1 Default master keys
Alias          Cloud Service
obs/default    Object Storage Service (OBS)
evs/default    Elastic Volume Service (EVS)
ims/default    Image Management Service (IMS)
vbs/default    Volume Backup Service (VBS)
sfs/default    Scalable File Service (SFS)
kps/default    Key Pair Service
For example, when you upload an object on OBS, enable Server-Side Encryption, and set Encryption Key Type to Default, OBS will use KMS to generate a default key whose alias is obs/default.
OBS supports the server-side encryption with KMS-managed keys (SSE-KMS). In this mode, OBS uses the keys provided by KMS for server-side encryption.
To store operation records for longer than seven days, configure transfer to OBS or Log Tank Service (LTS) so that you can view them in OBS buckets or LTS log groups.
Image Management Service (IMS)    Encrypting Data in IMS
Storage
Object Storage Service (OBS)      Encrypting Data in OBS
Elastic Volume Service (EVS)      Encrypting Data in EVS
Volume Backup Service (VBS)       VBS generally creates online backups for a single EVS disk (system or data disk) of the
Encryption in OBS
When you enable server-side encryption in Object Storage Service (OBS):
An object uploaded to OBS is encrypted on the server before being stored.
When the object is downloaded, data is decrypted on the server first.
OBS supports authentication using an AK/SK pair. It uses AK/SK-based encryption to authenticate requests. For details, see Authentication.
Access Control
DEW uses Identity and Access Management (IAM) to implement refined access control.
Solution
To access KMS through the cloud service console (for example, for OBS encryption purposes), allow access from network segments 10.0.0.0/8, 11.0.0.0/8, and 26.0.0.0/8. To call KMS via API, allow access from the source IP addresses.
When creating an RDS, DDS, or OBS instance, you can choose shared KMS keys. For details, see Cloud Services with KMS Integrated.
The backup data stored in OBS will not be encrypted. After a Document Database Service (DDS) DB instance is created, do not disable or delete the key that is being used. Otherwise, DDS will be unavailable and data cannot be restored.
Upload the external image file to the OBS bucket. For details, see Creating a Windows System Disk Image from an External Image File.
Create a private image.
Log in to the IMS console.
Click the Private Images tab and click Create Image in the upper right corner.
The backup data stored in OBS will not be encrypted. After an RDS DB instance is created, do not disable or delete the key that is being used. Otherwise, RDS will be unavailable and data cannot be restored.
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.