检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Typical Configuration of the Decryption Function After database assets are encrypted, they do not need to be encrypted if services are changed. In this case, you need to restore the database table by using the decryption function and the table structure rollback function.
Figure 13 Encrypted data Parent topic: System Function Configuration and Application Scenario Examples
Purchasing an Encrypted Database Instance in Yearly/Monthly Mode Function Buying a Database Encryption Instance in Pay-per-Use Mode URI POST /v2/{project_id}/db-encrypt/charge/period/order Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition
Unbinding an EIP from an Encrypted Database Instance Function Unbind an EIP from a database encryption instance.
Deleting an Encrypted Database Instance Function This API is used to delete an encrypted database instance. URI DELETE /v1/{project_id}/db-encrypt/{instance_id} Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Project ID.
Resetting the Password of an Encrypted Database Instance Function This API Is used to reset the password of a database encryption instance.
Prerequisites The table to be decrypted has been encrypted in the encryption task, that is, Configuring an Encryption Task has been completed. Procedure Log in to a database encryption and access control instance as the sysadmin user.
In the list, view the list of encrypted tables. You can search for the target encrypted table by schema and table name. Locate the target encrypted table and click Edit Non-encrypted Column. In the displayed page, click Add Column.
Authorized users can access encrypted data, but unauthorized users cannot access encrypted data. This effectively prevents administrators from accessing the database without authorization and hackers from dragging the database.
Restarting an Encrypted Database Instance Function This API is used to restart an encrypted database instance.
Resetting the Password of an Encrypted Database Instance Restarting an Encrypted Database Instance Stopping a Database Encryption Instance Starting the Database Encryption Instance Deleting an Encrypted Database Instance Purchasing an Encrypted Database Instance in Yearly/Monthly
Changing the Security Group of an Encrypted Instance Function This API is used to change the security group of a database encryption instance.
/Recommended Maximum Encrypted Columns Number of encrypted columns and the allowed maximum Number of Columns Masked/Recommended Maximum Masked Columns Maximum number of masked columns and the current number of masked columns Bypass Plugin Count Allowed number of bypass services Parent
Starting the Database Encryption Instance Function This API is used to start an encrypted database instance. URI POST /v1/{project_id}/db-encrypt/{instance_id}/start Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Project ID.
A user whose IP address is 192.168.0.105 can only view encrypted data when accessing the database uses non-WordPress in proxy mode. A user whose IP address is 192.168.3.105 can only view encrypted data when accessing the database uses WordPress in proxy mode.
The query result is encrypted data, as shown in Figure 5. Figure 5 Encrypted data Parent topic: Sensitive Data Discovery
Stopping a Database Encryption Instance Function This API is used to stop an encrypted database instance. URI POST /v1/{project_id}/db-encrypt/{instance_id}/stop Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Project ID.
It is encrypted by RK for storage. Data encryption key (DEK) Generated during initialization when an encryption task is added. It is encrypted by DSK for storage. Procedure Log in to database encryption and access control.
Figure 3 Encryption task After the encryption is complete, only encrypted data can be queried by unauthorized users. Figure 4 Encrypted data Related Operations In the task list, you can manage encrypted tasks.
Configuring a Decryption Task If the database does not need to be encrypted, you can configure a decryption task. After decryption is configured, the information in the corresponding database column changes to the plaintext data.
