检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Function + DEW: Encrypting/Decrypting Files Introduction Preparation Building a Program Adding an Event Source Processing Files
Function + DEW: Encrypting/Decrypting Files Use FunctionGraph, Data Encryption Worksop (DEW), and OBS Application Service trigger to encrypt and decrypt specific files. DEW uses the hardware security module (HSM) to protect keys.
Parent topic: Function + DEW: Encrypting/Decrypting Files
Parent topic: Function + DEW: Encrypting/Decrypting Files
Figure 2 Encrypting environment variables Function public access configuration Public access: By default, a function can access the public network. All tenants share the bandwidth, which may cause external network attacks.
authorization policy is as follows: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "kms:Decrypt", "Resource": "arn:huaweicloud:kms:REGION:ACCOUNT_ID:keyring/kms-ring-123456/key/kms-key-123456" } ] } Add the KMS SDK code snippet to obtain the key for encrypting
Figure 2 Output file Parent topic: Function + DEW: Encrypting/Decrypting Files
operations in this tutorial, your account will have the following resources: Two OBS buckets (for storing uploaded and processed files respectively) A file encryption/decryption function An OBS trigger for associating the function with the OBS buckets Parent topic: Function + DEW: Encrypting
Parent topic: Function + DEW: Encrypting/Decrypting Files
AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK. Token-based Authentication The validity period of a token is 24 hours.