vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/api-ref/obs_04_0062.html
Jawei, Li f1cb839979 OBS api-ref 2.0.38.SP5 
Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: Jawei, Li <lijiawei5@huawei.com>
Co-committed-by: Jawei, Li <lijiawei5@huawei.com>
2022-11-03 11:54:51 +00:00

197 lines
13 KiB
HTML
Raw Blame History

<a name="obs_04_0062"></a><a name="obs_04_0062"></a>
<h1 class="topictitle1">Configuring Bucket Encryption</h1>
<div id="body1549963978429"><div class="section" id="obs_04_0062__section154118471125"><h4 class="sectiontitle">Functions</h4><p id="obs_04_0062__p199653120135">OBS uses the PUT method to create or update the default server-side encryption for a bucket.</p>
<p id="obs_04_0062__p15667131417392">After encryption is enabled for a bucket, objects uploaded to the bucket are encrypted with the encryption configuration the bucket. Currently, it only supports the server-side encryption using keys hosted by KMS (SSE-KMS). For details about SSE-KMS, see <a href="obs_04_0106.html">Server-Side Encryption (SSE-KMS)</a>.</p>
<p id="obs_04_0062__p55541638152311">To perform this operation, you must have the permission to configure encryption for the bucket. By default, the bucket owner has this permission and can assign this permission to other users.</p>
</div>
<div class="section" id="obs_04_0062__section4392141416911"><h4 class="sectiontitle">Request Syntax</h4><div class="codecoloring" codetype="Xml" id="obs_04_0062__screen656246211548"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17</pre></div></td><td class="code"><div class="highlight"><pre><span></span>PUT /?encryption HTTP/1.1
User-Agent: curl/7.29.0
Host: bucketname.obs.region.example.com
Accept: */*
Date: date
Authorization: authorization string
Content-Length: length
<span class="nt">&lt;ServerSideEncryptionConfiguration&gt;</span>
<span class="nt">&lt;Rule&gt;</span>
<span class="nt">&lt;ApplyServerSideEncryptionByDefault&gt;</span>
<span class="nt">&lt;SSEAlgorithm&gt;</span>kms<span class="nt">&lt;/SSEAlgorithm&gt;</span>
<span class="nt">&lt;KMSMasterKeyID&gt;</span>kmskeyid-value<span class="nt">&lt;/KMSMasterKeyID&gt;</span>
<span class="nt">&lt;ProjectID&gt;</span>projectid<span class="nt">&lt;/ProjectID&gt;</span>
<span class="nt">&lt;/ApplyServerSideEncryptionByDefault&gt;</span>
<span class="nt">&lt;/Rule&gt;</span>
<span class="nt">&lt;/ServerSideEncryptionConfiguration&gt;</span>
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0062__section5883101142415"><h4 class="sectiontitle">Request parameters</h4><p id="obs_04_0062__p174461242241">This request contains no parameter.</p>
</div>
<div class="section" id="obs_04_0062__section1363153342420"><h4 class="sectiontitle">Request Headers</h4><p id="obs_04_0062__p146681635112411">This request uses common headers. For details, see <a href="obs_04_0007.html#obs_04_0007__table25197309">Table 3</a>.</p>
</div>
<div class="section" id="obs_04_0062__section7215381270"><h4 class="sectiontitle">Request Elements</h4><p id="obs_04_0062__p13726103911272">In this request, you need to carry the bucket encryption configuration in the request body. The bucket encryption configuration information is uploaded in the XML format. <a href="#obs_04_0062__table1181123018399">Table 1</a> lists the configuration elements.</p>
<div class="tablenoborder"><a name="obs_04_0062__table1181123018399"></a><a name="table1181123018399"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_04_0062__table1181123018399" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuration elements of bucket encryption</caption><thead align="left"><tr id="obs_04_0062__row2018917307393"><th align="left" class="cellrowborder" valign="top" width="32.95%" id="mcps1.3.5.3.2.4.1.1"><p id="obs_04_0062__p19190143043913">Header</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="56.57%" id="mcps1.3.5.3.2.4.1.2"><p id="obs_04_0062__p019273012397">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="10.48%" id="mcps1.3.5.3.2.4.1.3"><p id="obs_04_0062__p2195113033915">Mandatory</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_04_0062__row7197230193913"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p125361017184212">ServerSideEncryptionConfiguration</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p6536111718422">Root element of the default encryption configuration of a bucket.</p>
<p id="obs_04_0062__p85368172423">Type: element</p>
<p id="obs_04_0062__p125365178429">Ancestor: none</p>
<p id="obs_04_0062__p1555484273118">Children: Rule</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p553681720423">Yes</p>
</td>
</tr>
<tr id="obs_04_0062__row12641636422"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p3911152616425">Rule</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p591252604217">Sub-element of the default encryption configuration of a bucket.</p>
<p id="obs_04_0062__p391202634216">Type: element</p>
<p id="obs_04_0062__p4912142604210">Root element: ServerSideEncryptionConfiguration</p>
<p id="obs_04_0062__p83382043312">Sub-element: ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p3912326144211">Yes</p>
</td>
</tr>
<tr id="obs_04_0062__row944320444211"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p163325395428">ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p8333639114218">Sub-element of the default encryption configuration of a bucket.</p>
<p id="obs_04_0062__p1233323919429">Type: element</p>
<p id="obs_04_0062__p0333163974214">Ancestor: Rule</p>
<p id="obs_04_0062__p2559123813510">Children: SSEAlgorithm, KMSMasterKeyID</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p333319390424">Yes</p>
</td>
</tr>
<tr id="obs_04_0062__row1314615104218"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p11495174818425">SSEAlgorithm</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p74952488427">Server-side encryption algorithm used for the default encryption configuration of a bucket.</p>
<p id="obs_04_0062__p1349514814423">Type: string</p>
<p id="obs_04_0062__p149512481428">Valid values: <strong id="obs_04_0062__b394583095618">kms</strong></p>
<p id="obs_04_0062__p1089135793715">Root element: ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p18495154864216">Yes</p>
</td>
</tr>
<tr id="obs_04_0062__row13866105154213"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p196161654134219"><span style="color:#444444;">KMSMasterKeyID</span></p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p19616854174215">Customer master key (CMK) used in SSE-KMS encryption mode. If you do not specify this header, the default master key will be used.</p>
<p id="obs_04_0062__p7616135414424">Type: string</p>
<p id="obs_04_0062__p6679135313114">Valid value formats are as follows:</p>
<ol id="obs_04_0062__ol28871657184419"><li id="obs_04_0062__li388775774418"><em id="obs_04_0062__i1860613405">regionID:domainID (account ID)</em>:key/<em id="obs_04_0062__i143414910018">key_id</em></li><li id="obs_04_0062__li1216183134518">key_id</li></ol>
<p id="obs_04_0062__p5150033112717">In the preceding formats:</p>
<ul id="obs_04_0062__ul1812312350279"><li id="obs_04_0062__li48526363273"><strong id="obs_04_0062__b1038415751119">regionID</strong> indicates the ID of the region where the key resides.</li><li id="obs_04_0062__li453410383271"><strong id="obs_04_0062__b936597181510">domainID</strong> indicates the ID of the account to which the key belongs. For details about how to obtain the domain ID, see <a href="obs_04_0117.html">Obtaining the Domain ID and User ID</a>.</li><li id="obs_04_0062__li2123235142713"><strong id="obs_04_0062__b1550424416164">key_id</strong> indicates the ID of the key created inKMS. </li></ul>
<p id="obs_04_0062__p2616105415423">Root element: ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p11616115484210">No</p>
</td>
</tr>
<tr id="obs_04_0062__row1629094482718"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p22901644122713">ProjectID</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p19849131082815">ID of the project to which the KMS master key belongs in the SSE-KMS mode.</p>
<p id="obs_04_0062__p198201472915">Type: string</p>
<p id="obs_04_0062__p1232921112811">Valid values:</p>
<ol id="obs_04_0062__ol1129819314321"><li id="obs_04_0062__li429833110328">Project ID that matches <strong id="obs_04_0062__b0176124019435">KMSMasterKeyID</strong>.</li><li id="obs_04_0062__li128069579328">If <strong id="obs_04_0062__b17727124917431">KMSMasterKeyID</strong> is not specified, do not set the project ID.</li></ol>
<p id="obs_04_0062__p152901844162714">Ancestor: <strong id="obs_04_0062__b51428275448">ApplyServerSideEncryptionByDefault</strong></p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p112907442274">No</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="obs_04_0062__section126840198427"><h4 class="sectiontitle">Response Syntax</h4><div class="codecoloring" codetype="Xml" id="obs_04_0062__screen34072248"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3</pre></div></td><td class="code"><div class="highlight"><pre><span></span>HTTP/1.1 status_code
Date: date
Content-Length: length
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0062__section1111516502421"><h4 class="sectiontitle">Response Headers</h4><p class="msonormal" id="obs_04_0062__p1512332591013">The response to the request uses common headers. For details, see <a href="obs_04_0013.html#obs_04_0013__d0e686">Table 1</a>.</p>
</div>
<div class="section" id="obs_04_0062__section1684610713438"><h4 class="sectiontitle">Response Elements</h4><p id="obs_04_0062__p128781711134314">This response contains no element.</p>
</div>
<div class="section" id="obs_04_0062__section1821915316431"><h4 class="sectiontitle">Error Responses</h4><p id="obs_04_0062__p184128334439">No special error responses are returned. For details about error responses, see <a href="obs_04_0115.html#obs_04_0115__d0e843">Table 2</a>.</p>
</div>
<div class="section" id="obs_04_0062__section521982018473"><h4 class="sectiontitle">Sample Request</h4><div class="codecoloring" codetype="Xml" id="obs_04_0062__screen8484163863919"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17</pre></div></td><td class="code"><div class="highlight"><pre><span></span>PUT /?encryption HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.example.com
Accept: */*
Date: Thu, 21 Feb 2019 03:05:34 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:DpSAlmLX/BTdjxU5HOEwflhM0WI=
Content-Length: 778
<span class="cp">&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;yes&quot;?&gt;</span>
<span class="nt">&lt;ServerSideEncryptionConfiguration</span> <span class="na">xmlns=</span><span class="s">&quot;http://obs.region.example.com/doc/2015-06-30/&quot;</span><span class="nt">&gt;</span>
<span class="nt">&lt;Rule&gt;</span>
<span class="nt">&lt;ApplyServerSideEncryptionByDefault&gt;</span>
<span class="nt">&lt;SSEAlgorithm&gt;</span>kms<span class="nt">&lt;/SSEAlgorithm&gt;</span>
<span class="nt">&lt;KMSMasterKeyID&gt;</span>4f1cd4de-ab64-4807-920a-47fc42e7f0d0<span class="nt">&lt;/KMSMasterKeyID&gt;</span>
<span class="nt">&lt;/ApplyServerSideEncryptionByDefault&gt;</span>
<span class="nt">&lt;/Rule&gt;</span>
<span class="nt">&lt;/ServerSideEncryptionConfiguration&gt;</span>
</pre></div>
</td></tr></table></div>
</div>
<div class="section" id="obs_04_0062__section76081155815"><h4 class="sectiontitle">Sample Response</h4><div class="codecoloring" codetype="Xml" id="obs_04_0062__screen8485113814"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4
5
6</pre></div></td><td class="code"><div class="highlight"><pre><span></span>HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF26000001643670AC06E7B9A7767921
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSvK6z8HV6nrJh49gsB5vqzpgtohkiFm
Date: Thu, 21 Feb 2019 03:05:34 GMT
Content-Length: 0
</pre></div>
</td></tr></table></div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_04_0026.html">Advanced Bucket Settings</a></div>
</div>
</div>
View Git Blame Copy Permalink