检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
a DEK √ √ Decrypt a DEK √ √ Obtain parameters for importing a key √ √ Import key materials √ √ Delete key materials √ √ Create a grant √ √ Revoke a grant √ √ Retire a grant √ √ Query the grant list √ √ Query retirable grants √ √ Encrypt data √ √ Decrypt data √ √ Send signature messages
Encrypt the AK/SK in the configuration file or environment variables for storage. In this example, the AK/SK stored in the environment variables are used for identity authentication.
× Creating a DEK POST /v1.0/{project_id}/kms/create-datakey kms:dek:create - √ √ Creating a plaintext-free DEK POST /v1.0/{project_id}/kms/create-datakey-without-plaintext kms:dek:create - √ √ Encrypting a DEK POST /v1.0/{project_id}/kms/encrypt-datakey kms:dek:crypto or kms:dek:encrypt
Services That Support Shared Key Encryption and System-defined Policies If you choose to encrypt created resources using a shared key when purchasing yearly/monthly resources, you need to grant the corresponding policy to the user so that the shared key can be used.
Encrypt the AK/SK in the configuration file or environment variables for storage. In this example, the AK/SK stored in the environment variables are used for identity authentication.
Encrypt the AK/SK in the configuration file or environment variables for storage. In this example, the AK/SK stored in the environment variables are used for identity authentication.
Encrypt the AK/SK in the configuration file or environment variables for storage. In this example, the AK/SK stored in the environment variables are used for identity authentication.
Huawei Cloud uses encryption keys provided by KMS to encrypt your private keys to ensure secure storage and access.
You can use shared KMS to encrypt the secrets and key pairs in DEW, and create an encryption task for instances in Relational Database Service (RDS), Document Database Service (DDS), and Object Storage Service (OBS).
If an asymmetric key is imported, this parameter is a temporary intermediate key used to encrypt the private key. encrypted_privatekey No String Private key encrypted using a temporary intermediate key. This parameter is required for importing an asymmetric key.
Use a correct algorithm type. 400 KMS.1114 EC keys do not support to encrypt/decrypt. The key cannot be encrypted or decrypted. Use the correct key for encryption and decryption. 400 KMS.1115 Symmetric keys do not support to sign/verify.
Encrypt the AK/SK in the configuration file or environment variables for storage. In this example, the AK/SK stored in the environment variables are used for identity authentication.
Its value can be: ENABLED DISABLED PENDING_DELETE FROZEN kms_key_id String ID of the KMS CMK used to encrypt a secret value. description String Description of a secret create_time Long Secret creation time.
Table 4 key_protection field description Parameter Mandatory Type Description private_key No String Character string of a private key to be imported encryption Yes Object Method to encrypt and store private keys. For details, see Table 5.
This parameter is left blank by default. kms_key_id String ID of the KMS CMK used to encrypt a secret version value. secret_name String Secret name version_stages Array of strings Secret version status list. Each status tag is unique for a secret version.
This parameter is left blank by default. kms_key_id String ID of the KMS CMK used to encrypt a secret version value. secret_name String Secret name version_stages Array of strings Secret version status list. Each status tag is unique for a secret version.
This parameter is left blank by default. kms_key_id String ID of the KMS CMK used to encrypt a secret version value. secret_name String Secret name version_stages Array of strings Secret version status list. Each status tag is unique for a secret version.
Its value can be: ENABLED DISABLED PENDING_DELETE FROZEN kms_key_id String ID of the KMS CMK used to encrypt a secret value. description String Description of a secret create_time Long Secret creation time.
Click on the left and choose Security & Compliance > Data Encryption Workshop. In the navigation pane on the left, choose Cloud Secret Management Service > Secrets. Click Create Secret. Configure parameters in the Create Secret dialog box, as shown in Figure 1.
Its value can be: ENABLED DISABLED PENDING_DELETE FROZEN kms_key_id String ID of the KMS CMK used to encrypt a secret value. description String Description of a secret create_time Long Secret creation time.
