Server Encryption
Basic Introduction
BOS supports users to carry HTTP header of x-bce-server-side-encryption in uploading and copying requests (Putobject, Postobject, InitiateMultipartUpload, appendObject, Fetchobject, Copyobject), and specify the encryption algorithm of users (currently only AES256 is supported), so as to realize the effective security protection of data. Please refer to Related Interface of Object for related API .
Operation Method
BOS adds a switch at bucket level on the console, thus users can directly enable bucket encryption, so that all subsequent uploaded and copied files in the bucket can be encrypted automatically.
We provide the API for bucket encryption at the same time as follows:
Note
1.If the request of object carries the x-bce-server-side-encryption HTTP header and specifies encryption, the file will be encrypted whether the bucket encryption switch is on or not. 2.If encryption is not specified in the request of object, the file will be encrypted if the bucket encryption switch is turned on. 3.The status change of the bucket encryption switch will not affect the existing file, and will only take effect for new file.