检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using FunctionGraph to Encrypt and Decrypt Files in OBS Introduction Preparation Building a Program Adding an Event Source Processing Files Parent topic: Data Processing Practices
There are two types of API request protocols: HTTP: Data is not encrypted during transmission. HTTPS: Data is encrypted during transmission. HTTPS Method Mandatory. The request method of the API. In this example, ANY is used. ANY Timeout (ms) Mandatory.
Example: Value of encryptedUserData in plaintext: '{"password":"123"}' After AES-GCM encryption: {"nonce": "ZEUOREFaiahRbMz+K9xQwA==", "header": "aGVhZGVy", "ciphertext": "SCxXsffvpU1BF2Ci8a2RedNQ", "tag": "a+EYRVPOsQ+YpQkMuFg1wA=="} ciphertext is the encrypted value.
To obtain the DEW endpoint, see Regions and Endpoints. dew_key_id User master key ID. input_bucket OBS bucket for storing input files. output_bucket OBS bucket for storing encrypted and uploaded files. obs_endpoint OBS endpoint.
After encryption is enabled, key-value pairs are encrypted on the console and will remain encrypted during transmission. Preset Parameters The following lists preset parameters. Do not configure environment variables with the same names as any of these parameters.
Figure 3 Viewing function details Choose Configuration > Environment Variables, click Edit Environment Variable, add the AK/SK environment variables, enable Encrypted, and click OK.
Commercial use Managing Function Logs 2 Encryption settings Configuration information can be encrypted for display. Commercial use Encryption Settings 3 Function running for an ultra-long period You can set the function execution time to 43,200 seconds.
User Function Configuration Encrypted environment variables Sensitive information in user code, such as the AK/SK for accessing other cloud services and the password for accessing the database, can be transferred through encrypted environment variables.
Value range: 3s–259,200s. memory_size Integer Memory size. trigger_metadata_list Array of TriggerMetadataList objects Trigger information. temp_detail TempDetail object user_data String User data. encrypted_user_data String Encrypted user data. dependencies Array of strings Dependencies
State data is not encrypted during execution and persistence. Encrypt your sensitive data if any. Stateful functions do not support reserved instances. instanceName can contain 1 to 128 letters and digits.
Value range: 3s–259,200s. memory_size Integer Memory size. trigger_metadata_list Array of TriggerMetadataList objects Trigger information. temp_detail TempDetail object user_data String User data. encrypted_user_data String Encrypted user data. dependencies Array of strings Dependencies
User Configuration Security Sensitive information protection: If your code or configuration contains sensitive information, use encrypted environment variables to prevent sensitive information from being displayed in plaintext on the UI or in the results returned by APIs.
Table 1 Data protection technologies Technology Description Encrypted transmission All API requests and internal communications are encrypted using TLS 1.2 or later.
Preparation Create two OBS buckets to store uploaded and encrypted/decrypted files, respectively. Create an agency to delegate FunctionGraph to access OBS resources.
