检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Typical Configuration of the Encryption Function Database encryption and access control encrypt sensitive data in the database to ensure data security. This example shows how to encrypt the database.
In the Add Decryption Task dialog box, set and encrypt the corresponding data information, including the asset name, schema name, and table name. Figure 3 Adding a decryption task Select Start Task. After the creation is complete, the decryption task is automatically started.
Purchasing an Encrypted Database Instance in Yearly/Monthly Mode Function Buying a Database Encryption Instance in Pay-per-Use Mode URI POST /v2/{project_id}/db-encrypt/charge/period/order Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition
Therefore, you are not advised to encrypt the database table. Parent topic: System Function Configuration and Application Scenario Examples
Unbinding an EIP from an Encrypted Database Instance Function Unbind an EIP from a database encryption instance. URI POST /v1/{project_id}/db-encrypt/{instance_id}/eip/unbind Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Project ID.
Deleting an Encrypted Database Instance Function This API is used to delete an encrypted database instance. URI DELETE /v1/{project_id}/db-encrypt/{instance_id} Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Project ID. You can obtain
In this scenario, the bypass plug-in can be used to encrypt and decrypt customers' ciphertext data in real time when a single point of failure (SPOF) occurs on the encryption device, ensuring quick service recovery.
Resetting the Password of an Encrypted Database Instance Function This API Is used to reset the password of a database encryption instance. URI POST /v1/{project_id}/db-encrypt/{instance_id}/password/reset Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes
Databases and Versions That Can Be Managed by Database Encryption After adding data assets (databases) to the system, you can identify sensitive data in the databases and encrypt, decrypt, and mask sensitive information.
Restarting an Encrypted Database Instance Function This API is used to restart an encrypted database instance. URI POST /v1/{project_id}/db-encrypt/{instance_id}/reboot Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Specifies the project
Changing the Security Group of an Encrypted Instance Function This API is used to change the security group of a database encryption instance. URI PUT /v1/{project_id}/db-encrypt/{instance_id}/security-group Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes
In this case, the task is removed, but the system continues to encrypt data. Figure 4 Full encryption mode Query the database table again. The query result is encrypted data, as shown in Figure 5. Figure 5 Encrypted data Parent topic: Sensitive Data Discovery
Adding Data Assets After data assets (databases) are added to the system, you can identify, encrypt, decrypt, and mask sensitive data in the databases. This section uses the MySQL database as an example. Add data assets based on the site requirements.
In this case, the task is in the Removed state, but the system continues to encrypt data. Figure 3 Encryption task After the encryption is complete, only encrypted data can be queried by unauthorized users.
As shown in Figure 8, if you have renamed a database table, you are not advised to encrypt the table. Figure 8 Analysis and suggestions Parent topic: System Administrator Operation Guide
In this case, encrypt the table first. For details about how to encrypt a table, see Configuring an Encryption Task. Figure 1 Adding a decrypted task Select Start Task. After the creation is complete, the decryption task is automatically started. Click Complete.
