The imported private keys are encrypted by the keys provided by KMS, ensuring security for storage, import, and export of the private keys. You can download the private keys from the management console whenever you need.
The value is encrypted and stored in the initial version of the secret. Type: Base64-encoded binary data object Constraint: Either secret_binary or secret_string must be configured. The maximum size is 32 KB. secret_string No String Value of a new secret.

Table 9 ImportPrivateKeyProtection

| Parameter | Type | Description |
| --- | --- | --- |
| private_key | String | Private key of the imported SSH key pair. |
| encryption | Encryption object | How a private key is encrypted and stored. |

If an asymmetric key is imported, this parameter is used as a temporary intermediate key during private key encryption. encrypted_privatekey No String Private key encrypted using a temporary intermediate key. Specify this parameter if an asymmetric key is imported.
So data can be encrypted with public keys offline, while private keys are used for decryption online. The following shows an example: RSA_3072 is used for ENCRYPT_DECRYPT. After a public key is used to encrypt "hello world!" offline, decrypt-data is called to decrypt the message using a private key.
Only one of private_key_plain_text, wrapped_private_key, and ciphertext_recipient can have a value. wrapped_private_key String Ciphertext private key encrypted using the custom private key.
The content encrypted using the key and the generated data key cannot be decrypted. Before deleting a key, ensure that it is no longer in use. Otherwise, your service will be unavailable.
The key cannot be encrypted or decrypted. Use the correct key for encryption and decryption. 400 KMS.1115 Symmetric keys do not support to sign/verify. Signature verification is not supported for symmetric keys.

Table 5 KeyProtection

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| private_key | No | String | Private key of the imported SSH key pair. |
| encryption | Yes | Encryption object | How a private key is encrypted and stored. |

After a key is deleted, the data encrypted using the key cannot be decrypted. Canceling the scheduled deletion of a key Cancel a scheduled deletion of a key. Once the deletion is cancelled, the key can be used. Modifying the key alias Change the alias of a CMK.
Secret Value Secret key/value pair or the plaintext secret to be encrypted Secret value, the detailed content of a secret, is used to verify user identity or authorization during authentication. It can be of various forms, depending on the used authentication mechanism.

Table 6 KeyProtection

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| private_key | No | String | Private key of the imported SSH key pair. |
| encryption | Yes | Encryption object | How a private key is encrypted and stored. |

string with at most 128 bytes. sequence No String A 36-byte serial number of a request message, for example, 919c82d4-8046-4722-9094-35c3c6524cff Response Parameters Status code: 200 Table 4 Response body parameters Parameter Type Description key_id String Key ID. cipher_text String Encrypted
CipherText: ciphertext PIN sequence No String A 36-byte serial number of a request message, for example, 919c82d4-8046-4722-9094-35c3c6524cff Response Parameters Status code: 200 Table 4 Response body parameters Parameter Type Description key_id String Key ID. cipher_text String Encrypted
The backup file is encrypted and encoded and cannot be directly read.
If the CMK of a secret is updated, only the secret versions created after the update will be encrypted using the new CMK. The secret versions earlier than the update are still decrypted using the old CMK ID. description No String Description of a secret.
Using KMS to Encrypt Offline Data: Encrypting or Decrypting Small Volumes of Data; Encrypting or Decrypting a Large Amount of Data. Parent topic: Key Management Service
Using a Key to Encrypt Data in OBS DEW is a cloud data encryption service. Key Management Service (KMS) provided by DEW is a secure, reliable, and easy-to-use cloud service that can help you manage and protect keys in a centralized manner. With KMS, you can create keys and use the
Using KMS to Encrypt and Decrypt Data for Cloud Services: Overview; Encrypting Data in ECS; Encrypting Data in EVS; Encrypting Data in IMS; Encrypting Data in OBS; Encrypting an RDS DB Instance; Encrypting a DDS DB Instance. Parent topic: Key Management Service