检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
Using KMS to Encrypt a Disk (Through an API) You can call the required API of EVS to purchase an encrypted EVS disk. For details, see Elastic Volume Service API Reference. Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
Using KMS to Encrypt and Decrypt Data for Cloud Services Overview Encrypting Data in ECS Encrypting Data in EVS Encrypting Data in IMS Encrypting Data in OBS Encrypting an RDS DB Instance Encrypting a DDS DB Instance Parent topic: Key Management Service
This section describes how to use default KMS keys to encrypt IMS image files. Solution Architecture Figure 1 describes how to use KMS to encrypt an IMS image file.
Step 2: Creating a Key With KMS, you can create keys and use the keys to encrypt files to be uploaded on the OBS server. Step 3: Uploading Files to an OBS Bucket Upload files to the OBS bucket and use the KMS key encrypt the files.
When creating an ECS, you can encrypt added data disks. For details about how to encrypt an image, see Encrypting Data in IMS. For details about how to encrypt a data disk, see Encrypting Data in EVS. Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
The ciphertext DEK was generated by using a CMK to encrypt the plaintext DEK. Use the plaintext DEK to encrypt a plaintext file, generating a ciphertext file. Store the ciphertext DEK and the ciphertext file together in a permanent storage device or a storage service.
Using the Encryption SDK to Encrypt and Decrypt Local Files You can use certain algorithms to encrypt your files, protecting them from being breached or tampered with. Encryption SDK is a client password library that can encrypt and decrypt data and file streams.
This section describes how to call a KMS API and use a CMK to encrypt or decrypt data. Process: Create a CMK in KMS. Call the encrypt-data API of KMS to encrypt plaintext data by using a CMK. Deploy ciphertext certificates on your servers.
For details about how to use KMS to encrypt and decrypt data, see Using KMS to Encrypt and Decrypt Data for Cloud Services. Parent topic: KMS Related
Using KMS to Encrypt Offline Data Encrypting or Decrypting Small Volumes of Data Encrypting or Decrypting a Large Amount of Data Parent topic: Key Management Service
Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
Parent topic: Using KMS to Encrypt and Decrypt Data for Cloud Services
Encrypting or Decrypting a Large Amount of Data Scenario If you want to encrypt or decrypt large volumes of data, such as pictures, videos, and database files, you can use envelope encryption, which allows you to encrypt and decrypt files without having to transfer a large amount
Parent topic: Using KMS to Encrypt Offline Data
Constraints Default keys cannot be used to encrypt or decrypt such data with the tool. Asymmetric keys cannot be used to encrypt or decrypt such data with the tool. You can call an API to use a default key to encrypt or decrypt small volumes of data.
A data encryption key (DEK) is used to encrypt data. Using KMS, you can create, encrypt, and decrypt DEKs. The KMS system does not save, manage, or track your DEKs, neither does it use the DEKs to encrypt or decrypt data.
You can only use KMS to create new CMKs to encrypt and decrypt data. Parent topic: KMS Related
When creating an ECS, you can encrypt added data disks.
Creates a new secret version in the specified secret to encrypt and store secret values randomly generated in the background. At the same time, the newly created secret version is marked as SYSCURRENT. Constraints The RotateSecret API does not support rotation of common secrets.
