• Elastic Volume Service

evs
  1. Help Center
  2. Elastic Volume Service
  3. User Guide
  4. Management
  5. Managing an Encrypted EVS Disk

Managing an Encrypted EVS Disk

Relationships Among Encrypted Disks, Snapshots, and Backups

The encryption function can be used for system disks, data disks, EVS snapshots, and EVS disk backups. The detailed descriptions are as follows:
  • The system disk encryption depends on the image of the server OS. If the server is created using an encrypted image, the system disk will be an encrypted disk. For details, see Encrypting an Image in the Image Management Service User Guide.
  • The encryption setting of an existing EVS disk cannot be changed. You can only determine whether to use the encryption function or not when you create a new disk.
  • If an EVS disk is created from a snapshot, the encryption setting of the EVS disk will be the same as that of the snapshot.
  • If an EVS disk is created from a backup, the encryption setting of the EVS disk will be the same as that of the backup.
  • If a snapshot or backup is created for an EVS disk, the encryption setting of the snapshot or backup will be the same as that of the EVS disk.

Creating an Encrypted EVS Disk

Before you use the disk encryption function, KMS access rights need to be granted to EVS. If you have the Security Administrator rights, grant the KMS access rights to EVS directly. If you do not have this permission, contact a user with the security administrator rights to grant the KMS access rights to EVS, then repeat the preceding operations.

For details about how to create an encrypted disk, see Creating an EVS Disk.

Detaching an Encrypted EVS Disk

Before you detach an EVS disk encrypted by a CMK, check whether the CMK is disabled or scheduled for deletion. If the CMK is unavailable, the disk can still be used, but normal read/write operations are not guaranteed permanently. If the disk is detached and then re-attached, re-attaching this disk will fail. In this case, do not detach the disk and restore the CMK status first.

The restoration method varies depending on the current CMK status. For details, see EVS Disk Encryption.

If the CMK is available, the disk can be detached and re-attached, and data on the disk will not be lost.

For details about how to detach an encrypted disk, see Detaching a Data Disk.