• Object Storage Service

obs
  1. Help Center
  2. Object Storage Service
  3. User Guide
  4. OBS Console Operation Guide
  5. Server-Side Encryption
  6. Uploading a File with Server-Side Encryption

Uploading a File with Server-Side Encryption

OBS allows users to encrypt objects using server-side encryption so that the objects can be securely stored on OBS.

Prerequisites

  • The KMS Administrator permission has been added in the region of OBS using Identity and Access Management (IAM). For details about how to add the permission, see "How Do I Manage User Groups and Grant Permissions to Them" in the Identity and Access Management User Guide.
  • If you want to use a user-defined key to encrypt objects to be uploaded, create a key using KMS. For details about how to create a key using KMS, see Creating a CMK in the Key Management Service User Guide.

Procedure

  1. In the bucket list on the OBS Console, click the target bucket to go to the Summary page.
  2. In the navigation tree on the left, click Objects.
  3. Click Upload File. Alternatively, select the target folder and click Upload File. The Upload File dialog box is displayed.
  4. Select the file that you want to upload and click Open.
  5. Select KMS Encryption and select a key. The Upload File page is displayed in Figure 1. Then click OK.

    Figure 1 Encrypting an object to be uploaded
    • KMS encryption: Name of the primary key. The key is created in KMS and is used for encrypted protection for data. OBS provides a default key obs/default. You can use the default key or create a key in KMS.

  6. Optional: After uploading the object, click it to view its encryption status.

    NOTE:
    • The object encryption status cannot be changed.
    • A key in use cannot be deleted. Otherwise, the object encrypted with this key cannot be downloaded.