동향 및 공지

릴리스 노트

제품 공지

제품 소개

제품 개요

기능 개요

적용 시나리오

제품 장점

기본 개념

리전 및 액세스 도메인

규격 및 제한

제품 요금

과금 개요

과금 방식

과금 항목

프리 티어

과금 예시

청구서 보기 및 다운로드

연체 안내

FAQ

빠른 시작

콘솔 시작하기

COSBrowser 시작하기

사용자 가이드

요청 생성

버킷

객체

데이터 관리

일괄 프로세스

글로벌 가속

모니터링 및 알람

운영 센터

데이터 처리

스마트 툴 박스 사용 가이드

데이터 워크플로

애플리케이션 통합

툴 가이드

툴 개요

환경 설치 및 설정

COSBrowser 툴

COSCLI 툴

COSCMD 툴

COS Migration 툴

FTP Server 툴

Hadoop 툴

COSDistCp 툴

HDFS TO COS 툴

온라인 도구 (Onrain Dogu)

자가 진단 도구

실습 튜토리얼

개요

액세스 제어 및 권한 관리

성능 최적화

AWS S3 SDK를 사용하여 COS에 액세스하기

데이터 재해 복구 백업

도메인 관리 사례

이미지 처리 사례

COS 오디오/비디오 플레이어 사례

데이터 다이렉트 업로드

데이터 보안

데이터 검증

빅 데이터 사례

COS 비용 최적화 솔루션

3rd party 애플리케이션에서 COS 사용

마이그레이션 가이드

로컬 데이터 COS로 마이그레이션

타사 클라우드 스토리지 데이터를 COS로 마이그레이션

URL이 소스 주소인 데이터를 COS로 마이그레이션

COS 간 데이터 마이그레이션

Hadoop 파일 시스템과 COS 간 데이터 마이그레이션

데이터 레이크 스토리지

클라우드 네이티브 데이터 레이크

메타데이터 가속

데이터 레이크 가속기 GooseFS

데이터 처리

데이터 처리 개요

이미지 처리

미디어 처리

콘텐츠 조정

파일 처리

문서 미리보기

장애 처리

RequestId 가져오기

공용 네트워크로 COS에 파일 업로드 시 속도가 느린 문제

COS 액세스 시 403 에러 코드 반환

리소스 액세스 오류

POST Object 자주 발생하는 오류

보안 및 컴플라이언스

데이터 재해 복구

데이터 보안

액세스 관리

자주 묻는 질문

Bucket Encryption

포커스 모드

폰트 크기

마지막 업데이트 시간: 2024-02-04 16:24:44

Overview
This document provides an overview of APIs and SDK code samples related to bucket encryption.
API
Operation
Description
PUT Bucket encryption
Setting bucket encryption
Sets the default encryption configuration for a bucket
GET Bucket encryption
Querying bucket encryption configuration
Queries the default encryption configuration of a bucket
DELETE Bucket encryption
Deleting bucket encryption configuration
Deletes the default encryption configuration of a bucket
Setting Bucket Encryption
Feature description
This API is used to set the default server-side encryption configuration for a bucket. To call this API, you must have the PutBucketEncryption permission. By default, the bucket owner has permission to use this API and can grant such permission to other users.
Method prototype
put_bucket_encryption(Bucket, ServerSideEncryptionConfiguration={}, **kwargs)
Sample request
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import os
import logging
﻿
# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print information about the communication with the server.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)
﻿
# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.
secret_id = os.environ['COS_SECRET_ID']     #  User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.
secret_key = os.environ['COS_SECRET_KEY']   # User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.
region = 'ap-beijing'      # Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket.
                           # For the list of regions supported by COS, visit https://www.tencentcloud.com/document/product/436/6224.
token = None               # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, visit https://www.tencentcloud.com/document/product/436/14048.
scheme = 'https'           # Specify whether to use HTTP or HTTPS protocol to access COS. This field is optional and is `https` by default.
﻿
config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)
﻿
config_dict = {
    'Rule': [
        {
            'ApplySideEncryptionConfiguration': {
                'SSEAlgorithm': 'AES256',
            }
        },
    ]
}
client.put_bucket_encryption(Bucket='examplebucket-1250000000', ServerSideEncryptionConfiguration=config_dict)
Parameter description
Parameter
Description
Type
Required
Bucket
Bucket name in the format of BucketName-APPID
String
Yes
ServerSideEncryptionConfiguration
Server-side encryption configuration
Dict
Yes
ServerSideEncryptionConfiguration is described as follows:
Parameter
Description
Type
Required
Rule
Server-side encryption rule list. Currently, only one rule is supported.
List
Yes
ApplySideEncryptionConfiguration
Description of the server-side encryption configuration
Dict
Yes
SSEAlgorithm
Server-side encryption algorithm. Currently, bucket encryption supports only the SSE-COS type and uses the AES-256 encryption algorithm.
String
Yes
Response description
This API returns None.
Querying Bucket Encryption Configuration
Feature description
This API is used to query the default server-side encryption configuration for a bucket. To call this API, you must have the GetBucketEncryption permission. By default, the bucket owner has permission to use this API and can grant such permission to other users.
Method prototype
get_bucket_encryption(Bucket, **kwargs)
Sample request
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import os
import logging
﻿
# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print information about the communication with the server.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)
﻿
# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.
secret_id = os.environ['COS_SECRET_ID']     #  User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.
secret_key = os.environ['COS_SECRET_KEY']   # User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.
region = 'ap-beijing'      # Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket.
                           # For the list of regions supported by COS, visit https://www.tencentcloud.com/document/product/436/6224.
token = None               # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, visit https://www.tencentcloud.com/document/product/436/14048.
scheme = 'https'           # Specify whether to use HTTP or HTTPS protocol to access COS. This field is optional and is `https` by default.
﻿
config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)
﻿
response = client.get_bucket_encryption(Bucket='examplebucket-1250000000')
sse_algorithm = response['Rule'][0]['ApplyServerSideEncryptionByDefault']['SSEAlgorithm']
Parameter description
Parameter
Description
Type
Required
Bucket
Bucket name in the format of BucketName-APPID
String
Yes
Response description
Parameter
Description
Type
Required
ServerSideEncryptionConfiguration
Server-side encryption configuration
Dict
Yes
ServerSideEncryptionConfiguration is described as follows:
Parameter
Description
Type
Required
Rule
Server-side encryption rule list. Currently, only one rule is supported.
List
Yes
ApplySideEncryptionConfiguration
Description of the server-side encryption configuration
Dict
Yes
SSEAlgorithm
Server-side encryption algorithm. Currently, bucket encryption supports only the SSE-COS type and uses the AES-256 encryption algorithm.
String
Yes
Deleting Bucket Encryption Configuration
Feature description
This API is used to delete the default encryption configuration for a bucket. To call this API, you must have the DeleteBucketEncryption permission. By default, the bucket owner has permission to use this API and can grant such permission to other users.
Method prototype
delete_bucket_encryption(Bucket, **kwargs)
Sample request
# -*- coding=utf-8
from qcloud_cos import CosConfig
from qcloud_cos import CosS3Client
import sys
import os
import logging
﻿
# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print information about the communication with the server.
logging.basicConfig(level=logging.INFO, stream=sys.stdout)
﻿
# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.
secret_id = os.environ['COS_SECRET_ID']     #  User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.
secret_key = os.environ['COS_SECRET_KEY']   # User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.
region = 'ap-beijing'      # Replace it with the actual region, which can be viewed in the console at https://console.tencentcloud.com/cos5/bucket.
                           # For the list of regions supported by COS, visit https://www.tencentcloud.com/document/product/436/6224.
token = None               # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, visit https://www.tencentcloud.com/document/product/436/14048.
scheme = 'https'           # Specify whether to use HTTP or HTTPS protocol to access COS. This field is optional and is `https` by default.
﻿
config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)
client = CosS3Client(config)
﻿
response = client.delete_bucket_encryption(Bucket='examplebucket-1250000000')
Parameter description
Parameter
Description
Type
Required
Bucket
Bucket name in the format of BucketName-APPID
String
Yes
Response description
This API returns None.

도움말 및 지원

문제 해결에 도움이 되었나요?

더 자세한 내용은 문의하기 또는 티겟 제출 을 통해 문의할 수 있습니다.

피드백

tencent cloud

Cloud Object Storage

Bucket Encryption

Overview

Setting Bucket Encryption

Feature description

Method prototype

Sample request

Parameter description

Response description

Querying Bucket Encryption Configuration

Feature description

Method prototype

Sample request

Parameter description

Response description

Deleting Bucket Encryption Configuration

Feature description

Method prototype

Sample request

Parameter description

Response description

도움말 및 지원

API	Operation	Description
PUT Bucket encryption	Setting bucket encryption	Sets the default encryption configuration for a bucket
GET Bucket encryption	Querying bucket encryption configuration	Queries the default encryption configuration of a bucket
DELETE Bucket encryption	Deleting bucket encryption configuration	Deletes the default encryption configuration of a bucket

Parameter	Description	Type	Required
Bucket	Bucket name in the format of `BucketName-APPID`	String	Yes
ServerSideEncryptionConfiguration	Server-side encryption configuration	Dict	Yes