• Object Storage Service

obs
  1. Help Center
  2. Object Storage Service
  3. User Guide
  4. OBS Browser Operation Guide
  5. Server-Side Encryption
  6. Uploading a File with Server-Side Encryption

Uploading a File with Server-Side Encryption

OBS allows users to encrypt objects using server-side encryption so that the objects can be securely stored on OBS.

Prerequisites

The KMS Administrator permission has been added in the region of OBS using Identity and Access Management (IAM). For details about how to add the permission, see "How Do I Manage User Groups and Grant Permissions to Them?" in the Identity and Access Management User Guide.

Procedure

  1. Log in to OBS Browser.
  2. In the upper right corner on the page, click .
  3. Choose System Configuration > General. The System Configuration dialog box is displayed, as shown in Figure 1.

    Figure 1 Enabling KMS encryption

  4. Select Enable HTTPS and Enable KMS encryption.

    If Enable HTTPS and Enable KMS encryption are selected, KMS encryption will be implemented for all objects uploaded to OBS. After objects are uploaded, click  on the right of the object list. In the Properties dialog box that is displayed in Figure 2, view the object encryption status. KMS encryption indicates that server-side encryption has been implemented for the object. No indicates that server-side encryption has not been implemented for the object. The object encryption status cannot be changed.

    NOTE:

    HTTPS must be enabled when you enable KMS encryption to upload objects. Therefore, if you deselect Enable HTTPSEnable KMS encryption is deselected automatically.

    Figure 2 Properties of the encrypted object
    NOTE:
    • Server-side encryption does not support HTTP. To use server-side encryption, enable HTTPS.
    • Do not delete the encryption key that is being used for an encrypted object. Otherwise, the encrypted object cannot be downloaded.