检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Step 3: Performing a Simulated Encryption Test Before encrypting a database table, perform a simulation encryption test to check whether the database meets the encryption requirements. Log in to the web console of the instance as user sysadmin.
Setting Encryption Parameters Set ciphertext encoding mode after encryption. The encoding mode can be hexadecimal or BASE64. If you want to support fuzzy search, the encryption parameter must be set to hexadecimal format. Constraint You can change the ciphertext encoding mode only
Listing Database Encryption Instances Function Listing Database Encryption Instances URI POST /v2/{project_id}/db-encrypt/instances Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Project ID You can obtain the value by calling the IAM
Data Encryption and Decryption Setting Encryption Parameters Checking the Encryption Algorithm Simulated Encryption Test Configuring an Encryption Task Managing Authorization Simulated Decryption Test Configuring a Decryption Task Encryption Table Management Rolling Back the Table
Simulated Encryption Test Before configuring the encryption task, you are advised to perform a simulated encryption test to check whether the encryption is normal. Procedure Log in to a database encryption and access control instance as the sysadmin user. In the navigation tree, choose
Encryption Table Management For encrypted tables, functions such as Edit Index and Edit Non-encrypted Column are supported on the web page. Editing Index When the data volume is large (for example, more than 10 million rows), querying encrypted columns is time-consuming. You can add
Encryption Enhancement Management Listing Database Encryption Instances Changing the Name of a Database Encryption Instance Unbinding an EIP from an Encrypted Database Instance Binding the EIP of the Database Encryption Instance Changing the Security Group of an Encrypted Instance
Querying Encryption or Enhanced O&M Quotas Function This API is used to query the encryption/O&M enhancement quota. URI GET /v1/{project_id}/instance/quota Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Project ID. You can obtain the
Database Security Encryption Instance Management On the management console, you can restart, disable, and unbind EIP from database instances. Log in to the management console. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page
Binding the EIP of the Database Encryption Instance Function Bind the EIP of the database encryption instance. URI POST /v1/{project_id}/db-encrypt/{instance_id}/eip/bind Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Project ID. You
Database Security Encryption Management Instance Management Database Security Encryption Instance Management System Administrator Operation Guide Security Administrator Operation Guide Operation Guide for Audit Administrators
Starting the Database Encryption Instance Function This API is used to start an encrypted database instance. URI POST /v1/{project_id}/db-encrypt/{instance_id}/start Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Project ID. You can
Figure 1 Network Mode Encrypting Data The system supports data encryption and integrity verification, meeting the evaluation requirements of graded protection and sub-protection as well as the evaluation requirements of storage data integrity and confidentiality assurance in the application
Stopping a Database Encryption Instance Function This API is used to stop an encrypted database instance. URI POST /v1/{project_id}/db-encrypt/{instance_id}/stop Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition: Project ID. You can obtain
Creating an Encryption Task in the Result You can create an encryption task based on the sensitive data discovery result. This section describes how to create an encryption task in the result. Before configuring the encryption task, you are advised to perform a simulated encryption
Checking the Encryption Algorithm After a key is initialized, the system generates the corresponding encryption algorithm. You can view the encryption algorithms supported by the system on the View Algorithm page. Prerequisites Ensure that the key has been initialized. For details
Enabling and Using Database Security Encryption Introduction to Database Encryption and Access Control Step 1: Buy Database Security Encryption Step 2: Logging In to the Instance Web Console System Function Configuration and Application Scenario Examples
If the resource usage exceeds the threshold, the system stops encrypting data to reduce the impact on services. You are advised to set the following parameters if possible. Host IP Host IP address. Host Port SSH service port of the host. The default SSH service port is 22.
Configuring an Encryption Task If you are familiar with the database table structure, add it on the Encryption Task Management page. After encryption is configured, unauthorized users can view only the ciphertext when querying the database information. If you are not familiar with
Changing the Name of a Database Encryption Instance Function This API is used to change the name of a database encryption instance. URI PUT /v1/{project_id}/db-encrypt/{instance_id}/name Table 1 Path Parameters Parameter Mandatory Type Description project_id Yes String Definition:
