doc-exports/docs/obs/api-ref/obs_04_0062.html
zhangyue d5b1108742 OBS API DOC
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2023-10-16 12:27:49 +00:00


<a name="obs_04_0062"></a>
<h1 class="topictitle1">Configuring Bucket Encryption</h1>
<div id="body1549963978429"><div class="section" id="obs_04_0062__section154118471125"><h4 class="sectiontitle">Functions</h4><p id="obs_04_0062__p199653120135">OBS uses the PUT method to create or update the default server-side encryption for a bucket.</p>
<p id="obs_04_0062__p15667131417392">After encryption is enabled for a bucket, objects uploaded to the bucket are encrypted with the encryption configuration of the bucket. Currently, only server-side encryption with keys hosted by KMS (SSE-KMS) is supported. For details about SSE-KMS, see <a href="obs_04_0106.html">Server-Side Encryption (SSE-KMS)</a>.</p>
<p id="obs_04_0062__p55541638152311">To perform this operation, you must have the permission to configure encryption for the bucket. By default, the bucket owner has this permission and can assign this permission to other users.</p>
</div>
<div class="section" id="obs_04_0062__section4392141416911"><h4 class="sectiontitle">Request Syntax</h4><div class="codecoloring" codetype="Xml" id="obs_04_0062__screen656246211548"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span>PUT<span class="w"> </span>/?encryption<span class="w"> </span>HTTP/1.1
User-Agent:<span class="w"> </span>curl/7.29.0
Host:<span class="w"> </span>bucketname.obs.region.example.com
Accept:<span class="w"> </span>*/*
Date:<span class="w"> </span>date<span class="w"> </span>
Authorization:<span class="w"> </span>authorization<span class="w"> </span>string
Content-Length:<span class="w"> </span>length

<span class="nt">&lt;ServerSideEncryptionConfiguration&gt;</span>
<span class="w"> </span><span class="nt">&lt;Rule&gt;</span>
<span class="w"> </span><span class="nt">&lt;ApplyServerSideEncryptionByDefault&gt;</span>
<span class="w"> </span><span class="nt">&lt;SSEAlgorithm&gt;</span>kms<span class="nt">&lt;/SSEAlgorithm&gt;</span>
<span class="w"> </span><span class="nt">&lt;KMSMasterKeyID&gt;</span>kmskeyid-value<span class="nt">&lt;/KMSMasterKeyID&gt;</span>
<span class="w"> </span><span class="nt">&lt;/ApplyServerSideEncryptionByDefault&gt;</span>
<span class="w"> </span><span class="nt">&lt;/Rule&gt;</span>
<span class="nt">&lt;/ServerSideEncryptionConfiguration&gt;</span>
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="obs_04_0062__section5883101142415"><h4 class="sectiontitle">Request Parameters</h4><p id="obs_04_0062__p174461242241">This request contains no message parameters.</p>
</div>
<div class="section" id="obs_04_0062__section1363153342420"><h4 class="sectiontitle">Request Headers</h4><p id="obs_04_0062__p146681635112411">This request uses common headers. For details, see <a href="obs_04_0007.html#obs_04_0007__table25197309">Table 3</a>.</p>
</div>
<div class="section" id="obs_04_0062__section7215381270"><h4 class="sectiontitle">Request Elements</h4><p id="obs_04_0062__p13726103911272">In this request, you need to carry the bucket encryption configuration in the request body. The bucket encryption configuration information is uploaded in the XML format. <a href="#obs_04_0062__table1181123018399">Table 1</a> lists the configuration elements.</p>
<div class="tablenoborder"><a name="obs_04_0062__table1181123018399"></a><a name="table1181123018399"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_04_0062__table1181123018399" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuration elements of bucket encryption</caption><thead align="left"><tr id="obs_04_0062__row2018917307393"><th align="left" class="cellrowborder" valign="top" width="32.95%" id="mcps1.3.5.3.2.4.1.1"><p id="obs_04_0062__p19190143043913">Element</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="56.57%" id="mcps1.3.5.3.2.4.1.2"><p id="obs_04_0062__p019273012397">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="10.48%" id="mcps1.3.5.3.2.4.1.3"><p id="obs_04_0062__p2195113033915">Mandatory</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_04_0062__row7197230193913"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p125361017184212">ServerSideEncryptionConfiguration</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p6536111718422">Root element of the default encryption configuration of a bucket.</p>
<p id="obs_04_0062__p85368172423">Type: container</p>
<p id="obs_04_0062__p125365178429">Ancestor: none</p>
<p id="obs_04_0062__p1555484273118">Children: Rule</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p553681720423">Yes</p>
</td>
</tr>
<tr id="obs_04_0062__row12641636422"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p3911152616425">Rule</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p591252604217">Sub-element of the default encryption configuration of a bucket.</p>
<p id="obs_04_0062__p391202634216">Type: container</p>
<p id="obs_04_0062__p4912142604210">Ancestor: ServerSideEncryptionConfiguration</p>
<p id="obs_04_0062__p83382043312">Children: ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p3912326144211">Yes</p>
</td>
</tr>
<tr id="obs_04_0062__row944320444211"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p163325395428">ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p8333639114218">Sub-element of the default encryption configuration of a bucket.</p>
<p id="obs_04_0062__p1233323919429">Type: container</p>
<p id="obs_04_0062__p0333163974214">Ancestor: Rule</p>
<p id="obs_04_0062__p2559123813510">Children: SSEAlgorithm, KMSMasterKeyID</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p333319390424">Yes</p>
</td>
</tr>
<tr id="obs_04_0062__row1314615104218"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p11495174818425">SSEAlgorithm</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p74952488427">Server-side encryption algorithm used for the default encryption configuration of a bucket.</p>
<p id="obs_04_0062__p1349514814423">Type: string</p>
<p id="obs_04_0062__p149512481428">Value options: <strong id="obs_04_0062__b394583095618">kms</strong></p>
<p id="obs_04_0062__p1089135793715">Ancestor: ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p18495154864216">Yes</p>
</td>
</tr>
<tr id="obs_04_0062__row13866105154213"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p196161654134219"><span style="color:#444444;">KMSMasterKeyID</span></p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p19616854174215">Customer master key (CMK) used in SSE-KMS encryption mode. If you do not specify this element, the default master key will be used.</p>
<p id="obs_04_0062__p7616135414424">Type: string</p>
<p id="obs_04_0062__p6679135313114">Valid value formats are as follows:</p>
<ol id="obs_04_0062__ol28871657184419"><li id="obs_04_0062__li388775774418"><em id="obs_04_0062__i513511341548">regionID:domainID (account ID)</em><strong id="obs_04_0062__b10135133425411">:key/</strong><em id="obs_04_0062__i41351334115418">key_id</em></li><li id="obs_04_0062__li1216183134518"><em id="obs_04_0062__i18971441107541">key_id</em></li></ol>
<p id="obs_04_0062__p5150033112717">In the preceding formats:</p>
<ul id="obs_04_0062__ul1812312350279"><li id="obs_04_0062__li48526363273"><em id="obs_04_0062__i1082183695015">regionID</em> indicates the ID of the region where the key resides.</li><li id="obs_04_0062__li453410383271"><em id="obs_04_0062__i8343117105118">domainID</em> indicates the ID of the domain to which the key belongs. For details, see <a href="obs_04_0117.html">Obtaining the Domain ID and User ID</a>.</li><li id="obs_04_0062__li2123235142713"><em id="obs_04_0062__i339792814549">key_id</em> indicates the ID of the key created in KMS.</li></ul>
<p id="obs_04_0062__p2616105415423">Ancestor: ApplyServerSideEncryptionByDefault</p>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p11616115484210">No</p>
</td>
</tr>
<tr id="obs_04_0062__row1629094482718"><td class="cellrowborder" valign="top" width="32.95%" headers="mcps1.3.5.3.2.4.1.1 "><p id="obs_04_0062__p22901644122713">ProjectID</p>
</td>
<td class="cellrowborder" valign="top" width="56.57%" headers="mcps1.3.5.3.2.4.1.2 "><p id="obs_04_0062__p19849131082815">ID of the project to which the KMS master key belongs when SSE-KMS is used. If the project is not the default one, you must use this parameter to specify the project ID.</p>
<p id="obs_04_0062__p198201472915">Type: string</p>
<p id="obs_04_0062__p1232921112811">Value options:</p>
<ol id="obs_04_0062__ol1129819314321"><li id="obs_04_0062__li429833110328">Project ID that matches <strong id="obs_04_0062__b0176124019435">KMSMasterKeyID</strong>.</li><li id="obs_04_0062__li128069579328">If <strong id="obs_04_0062__b17727124917431">KMSMasterKeyID</strong> is not specified, do not set the project ID.</li></ol>
<p id="obs_04_0062__p152901844162714">Ancestor: <strong id="obs_04_0062__b51428275448">ApplyServerSideEncryptionByDefault</strong></p>
<div class="note" id="obs_04_0062__note332131575820"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_04_0062__p4321215145814">When a custom key in a non-default IAM project is used to encrypt objects, only the key owner can upload or download the encrypted objects.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="10.48%" headers="mcps1.3.5.3.2.4.1.3 "><p id="obs_04_0062__p112907442274">No</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
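<p>The element rules in Table 1 can be checked locally before a body is sent with PUT /?encryption. The following Python check is an added example, not part of the OBS documentation or any OBS SDK; the function name <strong>check_encryption_config</strong> and the character set accepted for region, domain, and key IDs are assumptions.</p>

```python
import re
import xml.etree.ElementTree as ET

# Table 1 gives two KMSMasterKeyID formats: "regionID:domainID:key/key_id" and "key_id".
# Assumption: each ID is letters, digits, "-" or "_"; the page defines no character set.
_ID = r"[A-Za-z0-9_-]+"
KEY_ID_RE = re.compile(rf"(?:{_ID}:{_ID}:key/)?{_ID}")


def _local(tag):
    """Drop a '{namespace}' prefix so bodies with and without xmlns both match."""
    return tag.rsplit("}", 1)[-1]


def _child(parent, name):
    """Return the first direct child with the given local name, or None."""
    return next((c for c in parent if _local(c.tag) == name), None)


def check_encryption_config(body):
    """Return a list of problems found in a PUT /?encryption body (empty = OK)."""
    try:
        node = ET.fromstring(body)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(node.tag) != "ServerSideEncryptionConfiguration":
        return ["root element must be ServerSideEncryptionConfiguration"]
    # Walk the mandatory container chain from Table 1.
    for name in ("Rule", "ApplyServerSideEncryptionByDefault"):
        node = _child(node, name)
        if node is None:
            return [f"missing mandatory element {name}"]
    problems = []
    algorithm = _child(node, "SSEAlgorithm")
    if algorithm is None or (algorithm.text or "").strip() != "kms":
        problems.append("SSEAlgorithm is mandatory and must be 'kms'")
    key = _child(node, "KMSMasterKeyID")
    if key is not None and not KEY_ID_RE.fullmatch((key.text or "").strip()):
        problems.append("KMSMasterKeyID is not in a documented format")
    if _child(node, "ProjectID") is not None and key is None:
        problems.append("ProjectID must not be set without KMSMasterKeyID")
    return problems


# Constructed sample: the Sample Request body from this page, without the XML declaration.
SAMPLE = """<ServerSideEncryptionConfiguration xmlns="http://obs.region.example.com/doc/2015-06-30/">
<Rule><ApplyServerSideEncryptionByDefault><SSEAlgorithm>kms</SSEAlgorithm>
<KMSMasterKeyID>4f1cd4de-ab64-4807-920a-47fc42e7f0d0</KMSMasterKeyID>
</ApplyServerSideEncryptionByDefault></Rule></ServerSideEncryptionConfiguration>"""
```

<p>An empty list from <strong>check_encryption_config(SAMPLE)</strong> means the body satisfies the structural rules in Table 1; it does not confirm that the key exists in KMS or that the caller is permitted to use it.</p>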
<div class="section" id="obs_04_0062__section126840198427"><h4 class="sectiontitle">Response Syntax</h4><div class="codecoloring" codetype="Xml" id="obs_04_0062__screen34072248"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span>HTTP/1.1<span class="w"> </span>status_code
Date:<span class="w"> </span>date
Content-Length:<span class="w"> </span>length
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="obs_04_0062__section1111516502421"><h4 class="sectiontitle">Response Headers</h4><p class="msonormal" id="obs_04_0062__p1512332591013">The response to the request uses common headers. For details, see <a href="obs_04_0013.html#obs_04_0013__d0e686">Table 1</a>.</p>
</div>
<div class="section" id="obs_04_0062__section1684610713438"><h4 class="sectiontitle">Response Elements</h4><p id="obs_04_0062__p128781711134314">This response contains no elements.</p>
</div>
<div class="section" id="obs_04_0062__section1821915316431"><h4 class="sectiontitle">Error Responses</h4><p id="obs_04_0062__p184128334439">No special error responses are returned. For details about error responses, see <a href="obs_04_0115.html#obs_04_0115__d0e843">Table 2</a>.</p>
</div>
<div class="section" id="obs_04_0062__section521982018473"><h4 class="sectiontitle">Sample Request</h4><div class="codecoloring" codetype="Xml" id="obs_04_0062__screen8484163863919"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span>PUT<span class="w"> </span>/?encryption<span class="w"> </span>HTTP/1.1
User-Agent:<span class="w"> </span>curl/7.29.0
Host:<span class="w"> </span>examplebucket.obs.region.example.com
Accept:<span class="w"> </span>*/*
Date:<span class="w"> </span>Thu,<span class="w"> </span>21<span class="w"> </span>Feb<span class="w"> </span>2019<span class="w"> </span>03:05:34<span class="w"> </span>GMT
Authorization:<span class="w"> </span>OBS<span class="w"> </span>H4IPJX0TQTHTHEBQQCEC:DpSAlmLX/BTdjxU5HOEwflhM0WI=
Content-Length:<span class="w"> </span>778

<span class="cp">&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;yes&quot;?&gt;</span><span class="w"> </span>
<span class="nt">&lt;ServerSideEncryptionConfiguration</span><span class="w"> </span><span class="na">xmlns=</span><span class="s">&quot;http://obs.region.example.com/doc/2015-06-30/&quot;</span><span class="nt">&gt;</span>
<span class="w"> </span><span class="nt">&lt;Rule&gt;</span>
<span class="w"> </span><span class="nt">&lt;ApplyServerSideEncryptionByDefault&gt;</span>
<span class="w"> </span><span class="nt">&lt;SSEAlgorithm&gt;</span>kms<span class="nt">&lt;/SSEAlgorithm&gt;</span>
<span class="w"> </span><span class="nt">&lt;KMSMasterKeyID&gt;</span>4f1cd4de-ab64-4807-920a-47fc42e7f0d0<span class="nt">&lt;/KMSMasterKeyID&gt;</span>
<span class="w"> </span><span class="nt">&lt;/ApplyServerSideEncryptionByDefault&gt;</span>
<span class="w"> </span><span class="nt">&lt;/Rule&gt;</span>
<span class="nt">&lt;/ServerSideEncryptionConfiguration&gt;</span>
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="obs_04_0062__section76081155815"><h4 class="sectiontitle">Sample Response</h4><div class="codecoloring" codetype="Xml" id="obs_04_0062__screen8485113814"><div class="highlight"><table class="highlighttable"><tr><td class="code"><div><pre><span></span>HTTP/1.1<span class="w"> </span>200<span class="w"> </span>OK
Server:<span class="w"> </span>OBS
x-obs-request-id:<span class="w"> </span>BF26000001643670AC06E7B9A7767921
x-obs-id-2:<span class="w"> </span>32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSvK6z8HV6nrJh49gsB5vqzpgtohkiFm
Date:<span class="w"> </span>Thu,<span class="w"> </span>21<span class="w"> </span>Feb<span class="w"> </span>2019<span class="w"> </span>03:05:34<span class="w"> </span>GMT
Content-Length:<span class="w"> </span>0
</pre></div></td></tr></table></div>
</div>
</div>
</div>