检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
File System Encryption You can encrypt data on the newly created SFS Turbo file systems if needed. Keys used by encrypted file systems are provided by the Key Management Service (KMS), which is secure and convenient.
Connecting to a Database in SM-based TLS Mode When connecting to a GaussDB server through JDBC, you can enable SM-based TLS to encrypt communication between a client and a server. This mode provides a highly secure channel for sensitive data transmission on the Internet.
HTTP does not encrypt data in transmit, so confidential information, such as passwords, accounts, and transaction records, transmitted over HTTP is plaintext and easy to be leaked, stolen, or tampered with anytime. HTTP is insecure for transmitting private information.
You need to call APIs to encrypt and decrypt a large amount of data.
For details about how to encrypt or decrypt a large amount of data, see Encrypting or Decrypting a Large Amount of Data. Parent topic: KMS
When connecting to an instance, clients can use the CA root certificates downloaded from the management console to authenticate the instance server and encrypt data during transmission. DCS Redis for 4.0/5.0 only support plaintext transmission.
The key of this region is used to encrypt and decrypt data on hosts in all regions. Click OK. The key is bound. Parent Topic: Account Management
If you want to use the OBS encryption function, follow instructions in Using OBS to Encrypt Data for Running Jobs to configure related information and call an API to run a job.
The public key is used to encrypt sensitive information when calling a service API.
Configuring One-Way or Two-Way Authentication Between the Dedicated Gateway and Client Scenario If the API frontend supports HTTPS, you need to add an SSL certificate for the independent domain name bound to the API group. An SSL certificate is used for data encryption and identity
Creating a PIN Function This API is used to create a PIN, which is used to create and encrypt a DEK in the level-4 cryptography testing scenario. Calling Method For details, see Calling APIs.
GAUSS-02781 -- GAUSS-02790 GAUSS-02783: "encrypt the plain text failed!" SQLSTATE: 39000 Description: Internal system error. Solution:contact technical support GAUSS-02784: "encode the plain text failed!" SQLSTATE: 39000 Description: Internal system error.
To avoid such problems, you can encrypt the sensitive data in the database and protect the keys that are used to encrypt the data. This prevents anyone without the keys from using the data, but this kind of protection must be planned in advance.
Adding Data Assets After data assets (databases) are added to the system, you can identify, encrypt, decrypt, and mask sensitive data in the databases. This section uses the MySQL database as an example. Add data assets based on the site requirements.
Monitoring DEW Key Usage Using CTS DEW provides the key function to help you generate, encrypt, and decrypt data encryption keys (DEKs) to protect sensitive data in cloud services.
Encrypting a DEK Function This API is used to encrypt a DEK using a specified CMK. Calling Method For details, see Calling APIs.
Billing Examples Billing Scenario A user created a symmetric key at 14:25:00 on May 18, 2023 and used the key to encrypt OBS. During the use of the key, 164,573 API requests were generated. The user stopped using the key and deleted it at 16:14:00 on June 29, 2023.
Ciphertext DEKs are generated when you use a CMK to encrypt the plaintext DEKs. Huawei Cloud services use the plaintext DEK to encrypt a plaintext file, generating a ciphertext file.
Check whether both the source and destination databases use SSL to encrypt connections.
Using KMS to Encrypt Secrets Dedicated Distributed Storage Service (DSS) EVS enables you to encrypt data on created disks as required. Keys used by encrypted EVS disks are provided by KMS of DEW, secure and convenient.
