服务端加密
更新时间: 2020-03-24
目录
本节主要介绍桶的服务端加密管理。
- 服务端加密分为AES256加密、kms加密,目前rgw支持AES256加密。
- 目前只支持设置一种加密状态,设置多种或者多次设置服务端加密状态,机密会采取最后一个(次)的加密方式。
设置桶服务端加密
以下代码用于设置桶服务端加密:
// Endpoint以华北三为例,其它Region请按实际情况填写。
String endpoint = "oss.cn-north-3.inspurcloudoss.com";
String accessKey = "<yourAccessKey>";
String secretKey = "<yourSecretKey>";
String bucketName = "<yourBucketName>";
//创建OSSClient实例
OSSClientImpl ossClient = new OSSClientImpl(endpoint, accessKey, secretKey);
//设置桶服务端加密
ServerSideEncryptionByDefaultRequest request = new ServerSideEncryptionByDefaultRequest();
//设置AES256加密
request.setSSEAlgorithm(SSEAlgorithm.AES256.getAlgorithm());
//设置kms加密
//request.setSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm());
//request.setKMSMasterKeyID("");
List<ServerSideEncryptionByDefaultRequest> requestList = new ArrayList<>();
requestList.add(request);
ossClient.setBucketEncryption(bucketName, requestList);
获取桶服务端加密信息
以下代码用于获取桶服务端加密信息:
// Endpoint以华北三为例,其它Region请按实际情况填写。
String endpoint = "oss.cn-north-3.inspurcloudoss.com";
String accessKey = "<yourAccessKey>";
String secretKey = "<yourSecretKey>";
String bucketName = "<yourBucketName>";
//创建OSSClient实例
OSSClientImpl ossClient = new OSSClientImpl(endpoint, accessKey, secretKey);
//获取桶服务端加密信息
List<GetBucketEncryptionResult> bucketEncryption = ossClient.getBucketEncryption(bucketName);
bucketEncryption.forEach(result -> {
System.out.println("the encryption type: " + result.getSSEAlgorithm());
if ("kms".equals(result.getSSEAlgorithm()) || "KMS".equals(result.getSSEAlgorithm())) {
System.out.println("the KMS id: " + result.getKMSMasterKeyID());
}
});
删除桶服务端加密
以下代码用于删除桶服务端加密:
// Endpoint以华北三为例,其它Region请按实际情况填写。
String endpoint = "oss.cn-north-3.inspurcloudoss.com";
String accessKey = "<yourAccessKey>";
String secretKey = "<yourSecretKey>";
String bucketName = "<yourBucketName>";
//创建OSSClient实例
OSSClientImpl ossClient = new OSSClientImpl(endpoint, accessKey, secretKey);
//删除桶服务端加密
ossClient.deleteBucketEncryption(bucketName);