OBS allows users to encrypt objects using server-side encryption so that the objects can be securely stored on OBS.
- The KMS Administrator permission has been added in the region of OBS using Identity and Access Management (IAM). For details about how to add the permission, see "How Do I Manage User Groups and Grant Permissions to Them" in the Identity and Access Management User Guide.
- If you want to use a user-defined key to encrypt objects to be uploaded, create a key using KMS. For details about how to create a key using KMS, see "Creating a CMK" in the Key Management Service User Guide.
- In the bucket list on the OBS Console, click the target bucket to go to the Summary page.
- In the navigation tree on the left, click Objects.
- Click Upload File. Alternatively, select the target folder and click Upload File. The Upload File dialog box is displayed.
- Select the file that you want to upload and click Open.
- Select KMS Encryption, select a key (the Upload File page is shown in Figure 1), and click OK.
Figure 1 Encrypting an object to be uploaded
- KMS Encryption: Name of the primary key. The key is created in KMS and is used to encrypt and protect data. OBS provides a default key, obs/default. You can use the default key or create a key in KMS.
- Optional: After uploading the object, click it to view its encryption status.
- The object encryption status cannot be changed.
- Do not delete a key that is in use. Otherwise, objects encrypted with this key cannot be downloaded.