vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/umn/obs_03_0421.html
zhangyue b55201d729 OBS UMN DOC 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-03-18 15:39:30 +00:00

48 lines
5.6 KiB
HTML
Raw Blame History

<a name="obs_03_0421"></a><a name="obs_03_0421"></a>
<h1 class="topictitle1">Uploading a File with Server-Side Encryption</h1>
<div id="body8662426"><p id="obs_03_0421__aed2516ba82354e5b9b4d88e6a638d1a2">OBS allows you to encrypt objects on the server side so that the objects can be securely stored in OBS.</p>
<div class="section" id="obs_03_0421__s0d643ba8bc99487da02b86a7664d2605"><h4 class="sectiontitle">Prerequisites</h4><p id="obs_03_0421__aa0af249de5034728b787a097e2866e92">The <strong id="obs_03_0421__b17501648163">KMS Administrator</strong> permission has been granted for the region where OBS is deployed. For details, see the <em id="obs_03_0421__i122616409295">Identity and Access Management User Guide</em>.</p>
<div class="note" id="obs_03_0421__note205189411276"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0421__p1417124132815">A custom KMS Policy with a minimum required set of allowed actions for users to be able to upload and download objects with Server-Side Encryption is:</p>
<pre class="screen" id="obs_03_0421__screen16787121522815">{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:dek:crypto",
"kms:dek:create",
"kms:cmk:get",
"kms:cmk:list",
"kms:cmk:generate",
"kms:cmk:crypto"
]
}
]
}</pre>
</div></div>
</div>
<div class="section" id="obs_03_0421__s4f1867b8336f4c5dbbc78cca2bf079e6"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0421__o383ca1cbee8e404e84c0181666636765"><li id="obs_03_0421__l10b2c0b3271c42339a263dfb76633acb"><span>Log in to OBS Browser.</span></li><li id="obs_03_0421__l40e5711048ac4735bb00bdf493641e76"><span>In the upper right corner on the page, click <span><img id="obs_03_0421__image1047861716599" src="en-us_image_0237530299.png"></span>.</span></li><li id="obs_03_0421__l11ab3744627c4d039e451bf7e6b1a1e6"><span>Choose <strong id="obs_03_0421__b715844046185437">System Configuration</strong> &gt; <strong id="obs_03_0421__b1681319241185437">General</strong>. For details, see <a href="#obs_03_0421__fdd58a926a65c4dc39d5a7be42a9bb60c">Figure 1</a>.</span><p><div class="fignone" id="obs_03_0421__fdd58a926a65c4dc39d5a7be42a9bb60c"><a name="obs_03_0421__fdd58a926a65c4dc39d5a7be42a9bb60c"></a><a name="fdd58a926a65c4dc39d5a7be42a9bb60c"></a><span class="figcap"><b>Figure 1 </b>Configuring KMS encryption</span><br><span><img id="obs_03_0421__image12182237132511" src="en-us_image_0129858302.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="obs_03_0421__l8bec9ff0bd224114839ae93171d80eb9"><span>Select <strong id="obs_03_0421__ae0237033593a4ea5bac23f5987b38d80">Enable HTTPS</strong> and <strong id="obs_03_0421__aa98a7a3644774b03bd21654a5be1e577">Enable KMS encryption</strong>.</span></li><li id="obs_03_0421__li17897132194513"><span>Click <strong id="obs_03_0421__b16448153617276">Save</strong>.</span></li><li id="obs_03_0421__li11372184811458"><span>Verify the encryption status.</span><p><p id="obs_03_0421__p119381848174518">After HTTPS and KMS encryption are enabled, objects uploaded to OBS are encrypted with keys provided by KMS. By default, the key <strong id="obs_03_0421__b112827793615">obs/default</strong> is used for encryption.</p>
<p id="obs_03_0421__p777995917443">After objects are uploaded, click <span><img id="obs_03_0421__iadf25d5b40ee47fc94cd2db2c130bd37" src="en-us_image_0237534488.png"></span> on the right of the object list. In the <strong id="obs_03_0421__a33fce9eabc8b40e39361145f83e58f99">Properties</strong> dialog box that is displayed, you can view the object encryption status. <strong id="obs_03_0421__b715845103171322">Yes</strong> indicates that server-side encryption has been implemented for the object. <strong id="obs_03_0421__a2e198555101c48f4b4c4ec4204d0bb24">No</strong> indicates that server-side encryption has not been implemented for the object. The object encryption status cannot be changed.</p>
<div class="note" id="obs_03_0421__note677995913447"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_03_0421__p1677925914446">HTTPS must be enabled when you enable KMS encryption to upload objects. Therefore, if you deselect <strong id="obs_03_0421__a5c461969c29b4d8fbd600b60d6e1437a">Enable HTTPS</strong>, <strong id="obs_03_0421__adbe1ff233106411fba39ac419f03d202">Enable KMS encryption</strong> is deselected automatically.</p>
</div></div>
<div class="fignone" id="obs_03_0421__fig678216595447"><span class="figcap"><b>Figure 2 </b>Encryption status</span><br><span><img id="obs_03_0421__image178211596444" src="en-us_image_0129858610.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="note" id="obs_03_0421__note1478210599442"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="obs_03_0421__ul67821759114417"><li class="text" id="obs_03_0421__li13782759104412">Server-side encryption does not support HTTP. To use server-side encryption, enable HTTPS.</li><li id="obs_03_0421__li97822059144414">A key in use cannot be deleted. Otherwise, the object encrypted with this key cannot be downloaded.</li></ul>
</div></div>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0419.html">Server-Side Encryption</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink