Table 1 Default master keys
Alias: Cloud Service
obs/default: Object Storage Service (OBS)
evs/default: Elastic Volume Service (EVS)
ims/default: Image Management Service (IMS)
vbs/default: Volume Backup Service (VBS)
sfs/default: Scalable File Service (SFS)
kps/default: Key Pair Service
Encrypting Data in OBS Elastic Volume Service (EVS) If you enable the encryption function when creating an EVS disk, the disk will be encrypted with the DEK generated by using your CMK. Data stored in the EVS disk will be automatically encrypted.
Using KMS to Encrypt a Disk (Through an API) You can call the required API of EVS to purchase an encrypted EVS disk. For details, see Elastic Volume Service API Reference. Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
Object Storage Service (OBS), Elastic Volume Service (EVS), Image Management Service (IMS), and Relational Database Service (RDS) can use KMS for encryption.
Scenarios: Small-size data encryption Large-size data encryption Encryption in Object Storage Service (OBS) Encryption in Elastic Volume Service (EVS) Encryption in Image Management Service (IMS)
Advantages Extensive Service Integration By integrating with OBS, EVS, and IMS, you can use KMS to manage the keys of the services or use KMS APIs to encrypt and decrypt local data.
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
Encryption in EVS In case your services require encryption for the data stored on disks, KMS is integrated with Elastic Volume Service (EVS). You can use the key provided by KMS to encrypt the disk.
Figure 1 OBS default key
Table 1 Default master keys
Alias: Cloud Service
obs/default: Object Storage Service (OBS)
evs/default: Elastic Volume Service (EVS)
ims/default: Image Management Service (IMS)
vbs/default: Volume Backup Service (VBS)
sfs/default: Scalable File Service (SFS)
kps
Image Management Service (IMS) Encrypting Data in IMS Storage Object Storage Service (OBS) Encrypting Data in OBS Elastic Volume Service (EVS) Encrypting Data in EVS Volume Backup Service (VBS) VBS generally creates online backups for a single EVS disk (system or data disk) of the
Using KMS to Encrypt and Decrypt Data for Cloud Services Overview Encrypting Data in ECS Encrypting Data in EVS Encrypting Data in IMS Encrypting Data in OBS Encrypting an RDS DB Instance Encrypting a DDS DB Instance Parent topic: Key Management Service
Currently, RDS calls the EVS APIs for encryption purposes. KMS is called when an EVS disk is created or mounted. Data writing and reading do not call KMS.
Encrypt the EVS system disk. For details, see Encrypting Data in EVS. When purchasing an ECS, set Disk Type to the encrypted system disk in Step 1. Create a private image. Log in to the IMS console. Click the Private Images tab and click Create Image in the upper right corner.
Encrypting Data in ECS Overview KMS supports one-click encryption for ECS. The images and data disks of ECS can be encrypted. When creating an ECS, if you select an encrypted image, the system disk of the created ECS automatically has encryption enabled, with its encryption mode same
Encrypting Data in ECS Encrypting Data in OBS Encrypting Data in EVS Encrypting Data in IMS Encrypting an RDS DB Instance Encrypting a DDS DB Instance
Example: evs/default It cannot be disabled or scheduled for deletion. You are not charged when you use the cloud service automatically generated by the system. If the number of API requests exceeds 20,000, you will be billed. Parent topic: KMS Related
Scenarios Encrypt data in OBS Encrypt data in EVS Encrypt data in IMS Encrypt an RDS DB instance Use custom keys to directly encrypt and decrypt small volumes of data.