Encrypt Data Disk and Snapshot

CDS

  • API Reference
    • Disk Related Interfaces
  • Dedicated Cluster Operation Guide
    • Charge
    • Create a dedicated cluster
    • Create Cloud Disk Server in Dedicated Cluster
    • Expand Dedicated Cluster
    • View Dedicated Cluster Information
    • What Is a Dedicated Cluster
  • Disk Operation Guide
    • Basic Operations
      • Create cloud disks
      • Disk encryption
        • Encrypt Data Disk and Snapshot
        • Encrypt System Disk and Image
        • Encryption Overview
      • Format cloud disks
        • Format Disk Partition on Linux System
        • Format Disk Partition on Windows System
        • Overview
      • Monitor alarm
      • mount Cloud Disk Server
      • Recycle bin
      • Release cloud disks
      • Tag Management
      • Unmount Cloud Disk Server
    • Billing management
      • Renew cloud disks
      • Shift Charge
    • Elastic Operations
      • Burst performance capability
      • Change cloud disk type
      • Performance preconfiguration
        • Use Performance Pre-Configuration
        • What Is Performance Pre-Configuration
      • Resize cloud disks
        • Expansion Overview
        • Extend Disk Partition on Linux Data Disk
        • Extend Disk Partition on Linux System Disk
        • Extend Disk Partition on Windows Data Disk
        • Extend Disk Partition on Windows System Disk
  • FAQs
    • Billing Problems
    • Common Questions Overview
    • Configuration-related questions
    • Fault-related questions
    • Performance-related questions
    • Security Problems
  • Peripheral Tools
    • CDSCMD Tool
      • Configure CDS CMD Tool
      • Install CDS CMD Tool
      • Operate Disk Using CDS CMD Tool
      • Overview
      • Tool Version History
  • Product Description
    • Application scenarios
    • Disk Status
    • Disk types
    • Product advantages
    • Product features
    • Product functions
    • Product Introduction
    • Type and Region
  • Product pricing
    • Disk charge type
      • Pay as you go
      • Subscription billing
    • Disk Expiration and Debt Reminder
    • Snapshot Charge Type
    • Universal Storage Capacity Package GSCP
  • Product Updates
    • Function Release Records
    • Product Announcement
      • Adjustments to prepay Disk renew, shift charge, and Unsubscribe Operations
  • Service Level Agreement (SLA)
    • Baidu Intelligent Cloud Block Storage Trusted Cloud
    • CDS Service Level Agreement (SLA V2_0)
  • Snapshot Operation Guide
    • Disk Snapshot
      • Automatic snapshot
      • Create a custom image
      • Create CDS disk from snapshot
      • Cross-region replication
      • Delete a snapshot
      • Manual Snapshot
      • Snapshot Rollback
      • Tag Management
    • Instance snapshots
      • Instance snapshots
    • Introduction to snapshot
      • Instructions for use
      • Snapshot chain
  • Typical Practices
    • Block Device Persistent Naming
All documents
menu
No results found, please re-enter

CDS

  • API Reference
    • Disk Related Interfaces
  • Dedicated Cluster Operation Guide
    • Charge
    • Create a dedicated cluster
    • Create Cloud Disk Server in Dedicated Cluster
    • Expand Dedicated Cluster
    • View Dedicated Cluster Information
    • What Is a Dedicated Cluster
  • Disk Operation Guide
    • Basic Operations
      • Create cloud disks
      • Disk encryption
        • Encrypt Data Disk and Snapshot
        • Encrypt System Disk and Image
        • Encryption Overview
      • Format cloud disks
        • Format Disk Partition on Linux System
        • Format Disk Partition on Windows System
        • Overview
      • Monitor alarm
      • mount Cloud Disk Server
      • Recycle bin
      • Release cloud disks
      • Tag Management
      • Unmount Cloud Disk Server
    • Billing management
      • Renew cloud disks
      • Shift Charge
    • Elastic Operations
      • Burst performance capability
      • Change cloud disk type
      • Performance preconfiguration
        • Use Performance Pre-Configuration
        • What Is Performance Pre-Configuration
      • Resize cloud disks
        • Expansion Overview
        • Extend Disk Partition on Linux Data Disk
        • Extend Disk Partition on Linux System Disk
        • Extend Disk Partition on Windows Data Disk
        • Extend Disk Partition on Windows System Disk
  • FAQs
    • Billing Problems
    • Common Questions Overview
    • Configuration-related questions
    • Fault-related questions
    • Performance-related questions
    • Security Problems
  • Peripheral Tools
    • CDSCMD Tool
      • Configure CDS CMD Tool
      • Install CDS CMD Tool
      • Operate Disk Using CDS CMD Tool
      • Overview
      • Tool Version History
  • Product Description
    • Application scenarios
    • Disk Status
    • Disk types
    • Product advantages
    • Product features
    • Product functions
    • Product Introduction
    • Type and Region
  • Product pricing
    • Disk charge type
      • Pay as you go
      • Subscription billing
    • Disk Expiration and Debt Reminder
    • Snapshot Charge Type
    • Universal Storage Capacity Package GSCP
  • Product Updates
    • Function Release Records
    • Product Announcement
      • Adjustments to prepay Disk renew, shift charge, and Unsubscribe Operations
  • Service Level Agreement (SLA)
    • Baidu Intelligent Cloud Block Storage Trusted Cloud
    • CDS Service Level Agreement (SLA V2_0)
  • Snapshot Operation Guide
    • Disk Snapshot
      • Automatic snapshot
      • Create a custom image
      • Create CDS disk from snapshot
      • Cross-region replication
      • Delete a snapshot
      • Manual Snapshot
      • Snapshot Rollback
      • Tag Management
    • Instance snapshots
      • Instance snapshots
    • Introduction to snapshot
      • Instructions for use
      • Snapshot chain
  • Typical Practices
    • Block Device Persistent Naming
  • Document center
  • arrow
  • CDS
  • arrow
  • Disk Operation Guide
  • arrow
  • Basic Operations
  • arrow
  • Disk encryption
  • arrow
  • Encrypt Data Disk and Snapshot
Table of contents on this page
  • Overview
  • Encrypt the data disk when creating a Baidu Cloud Compute (BCC) Instance
  • Encrypt Data Disk when creating CDS Cloud Disk Server

Encrypt Data Disk and Snapshot

Updated at:2025-11-03

Overview

Once a data disk is encrypted, both the dynamic transmission data and static data within the disk are encrypted. New Cloud Disk Servers created from snapshots of the encrypted disk will also be encrypted.

Encrypt the data disk when creating a Baidu Cloud Compute (BCC) Instance

1. Sign in to the Baidu AI Cloud official website

Sign in to Baidu AI Cloud official website.

  • If you have not registered an account, you must first [register an account](UserGuide/Register an account.md#Register a Baidu Account).
  • If you have registered an account, you can directly sign in.

2. Access the BCC console

Navigate to the BCC console by selecting "Baidu Cloud Compute > Baidu Cloud Compute (BCC)" in the left sidebar.

3. Creating New BCC Cloud Compute

Click "Create Instance" at the top of the console page to create a new BCC instance.

image.png

4. Encrypt Data Disk

Click "Create Cloud Disk Server" to add a data disk to the Baidu Cloud Compute. Then click the "Enable" button below to activate the Disk Encryption feature. If enabling CDS Disk Encryption for the first time, you must authorize CDS to access and use your created KMS master keys and review KMS billing details. If you haven’t activated the KMS service, you must enable it first.

After enabling Disk Encryption, CDS will automatically retrieve your created KMS master keys within this region. If your master key does not appear in the drop-down menu, possible reasons include:

  • You have not created a KMS key yet. Please proceed to the KMS console to create one;
  • KMS is Region-specific. If you have not created a KMS key in this Region, please proceed to the KMS console to create one;
  • The KMS Key type you created in this Region does not support associated disk encryption. Please create BAIDU_AES_256, AES_128 or AES_256 type keys. image.png

5. Use Encrypted Cloud Disk Server

After the Baidu Cloud Compute (BCC) Instance is created, the Data Disk will be automatically encrypted and decrypted when you use the Cloud Disk Server, with no manual operation required. All snapshots created from this disk will be automatically encrypted, and new Cloud Disk Servers (CDS) generated from these snapshots will continue to use the same encryption key. For detailed usage restrictions, refer to Encryption Overview.

image.png

Encrypt Data Disk when creating CDS Cloud Disk Server

1. Sign in to the Baidu AI Cloud official website

Sign in to Baidu AI Cloud official website.

  • If you have not registered an account, you must first [register an account](UserGuide/Register an account.md#Register a Baidu Account).
  • If you have registered an account, you can directly sign in.

2. Access the BCC console

Navigate to the BCC console by selecting "Baidu Cloud Compute > Baidu Cloud Compute (BCC)" in the left sidebar.

3. Create a new Cloud Disk Server (CDS)

Click "Disk" on the left-hand sidebar to view the disk list, then click "Create Disk" at the top to create a new data disk.

4. Encrypt Data Disk

Click the "Enable" button below to activate the Disk Encryption feature. The creation method is identical to encrypting Data Disks when creating Baidu Cloud Compute (BCC).

image.png

5. Use Encrypted Cloud Disk Server

After creation, you can use this encrypted CDS Cloud Disk Server. Usage and restrictions are identical to encrypting Data Disks when creating Baidu Cloud Compute BCC.

image.png

Previous
Create cloud disks
Next
Encrypt System Disk and Image