检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Advantages Extensive Service Integration By integrating with OBS, EVS, and IMS, you can use KMS to manage the keys of the services or use KMS APIs to encrypt and decrypt local data.
Data Protection Encryption SFS Turbo supports server-side encryption, which allows you to encrypt the data stored in SFS Turbo file systems. When data is accessed, SFS Turbo automatically decrypts the data and returns it to you.
File System Encryption You can encrypt data on the newly created SFS Turbo file systems if needed. Keys used by encrypted file systems are provided by the Key Management Service (KMS), which is secure and convenient.
Connecting to a Database in SM-based TLS Mode When connecting to a GaussDB server through JDBC, you can enable SM-based TLS to encrypt communication between a client and a server. This mode provides a highly secure channel for sensitive data transmission on the Internet.
HTTP does not encrypt data in transmit, so confidential information, such as passwords, accounts, and transaction records, transmitted over HTTP is plaintext and easy to be leaked, stolen, or tampered with anytime. HTTP is insecure for transmitting private information.
You need to call APIs to encrypt and decrypt a large amount of data.
For details about how to encrypt or decrypt a large amount of data, see Encrypting or Decrypting a Large Amount of Data. Parent topic: KMS
When connecting to an instance, clients can use the CA root certificates downloaded from the management console to authenticate the instance server and encrypt data during transmission. DCS Redis for 4.0/5.0 only support plaintext transmission.
Key Management Scenarios The Cloud O&M Center uses DEW to encrypt your host account password for secure protection. Before using Key Management Service (KMS), create a key on DEW. Configuring a Key Log in to COC.
If you want to use the OBS encryption function, follow instructions in Using OBS to Encrypt Data for Running Jobs to configure related information and call an API to run a job.
The public key is used to encrypt sensitive information when calling a service API.
Configuring One-Way or Two-Way Authentication Between the Dedicated Gateway and Client Scenario If the API frontend supports HTTPS, you need to add an SSL certificate for the independent domain name bound to the API group. An SSL certificate is used for data encryption and identity
GAUSS-02781 -- GAUSS-02790 GAUSS-02783: "encrypt the plain text failed!" SQLSTATE: 39000 Description: Internal system error. Solution:contact technical support GAUSS-02784: "encode the plain text failed!" SQLSTATE: 39000 Description: Internal system error.
To avoid such problems, you can encrypt the sensitive data in the database and protect the keys that are used to encrypt the data. This prevents anyone without the keys from using the data, but this kind of protection must be planned in advance.
Adding Data Assets After data assets (databases) are added to the system, you can identify, encrypt, decrypt, and mask sensitive data in the databases. This section uses the MySQL database as an example. Add data assets based on the site requirements.
Monitoring DEW Key Usage Using CTS DEW provides the key function to help you generate, encrypt, and decrypt data encryption keys (DEKs) to protect sensitive data in cloud services.
Billing Examples Billing Scenario A user created a symmetric key at 14:25:00 on May 18, 2023 and used the key to encrypt OBS. During the use of the key, 164,573 API requests were generated. The user stopped using the key and deleted it at 16:14:00 on June 29, 2023.
Ciphertext DEKs are generated when you use a CMK to encrypt the plaintext DEKs. Huawei Cloud services use the plaintext DEK to encrypt a plaintext file, generating a ciphertext file.
Check whether both the source and destination databases use SSL to encrypt connections.
Key Management Service Using KMS to Encrypt Offline Data Using KMS to Encrypt and Decrypt Data for Cloud Services Using the Encryption SDK to Encrypt and Decrypt Local Files Encrypting and Decrypting Data Through Cross-region DR Using KMS to Protect File Integrity
