Release Notes and Announcements
- Release Notes
- Announcements
Product Introduction
Billing
- Billing Overview
- Billing Method
- Billable Items
- Free Tier
- Billing Examples
- Viewing and Downloading Bill
- Payment Overdue
- FAQs
Getting Started
- Console
- Getting Started with COSBrowser
User Guide
- Creating Request
- Bucket
- Object
- Data Management
- Batch Operation
- Global Acceleration
- Monitoring and Alarms
- Operations Center
- Data Processing
- Content Moderation
- Smart Toolbox
- Data Processing Workflow
- Application Integration
User Tools
- Tool Overview
- Installation and Configuration of Environment
- COSBrowser
- COSCLI (Beta)
- COSCMD
- COS Migration
- FTP Server
- Hadoop
- COSDistCp
- HDFS TO COS
- GooseFS-Lite
- Online Tools
- Diagnostic Tool
Use Cases
- Overview
- Access Control and Permission Management
- Performance Optimization
- Accessing COS with AWS S3 SDK
- Data Disaster Recovery and Backup
- Domain Name Management Practice
- Image Processing
- Audio/Video Practices
- Workflow
- Direct Data Upload
- Content Moderation
- Data Security
- Data Verification
- Big Data Practice
- COS Cost Optimization Solutions
- Using COS in the Third-party Applications
Migration Guide
Data Lake Storage
- Cloud Native Datalake Storage
- Metadata Accelerator
- GooseFS
Data Processing
- Data Processing Overview
- Image Processing
- Media Processing
- Content Moderation
- File Processing Service
- File Preview
Troubleshooting
- Obtaining RequestId
- Slow Upload over Public Network
- 403 Error for COS Access
- Resource Access Error
- POST Object Common Exceptions
API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Action List
- Service APIs
- Bucket APIs
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- Job and Workflow
- Content Moderation APIs
- Cloud Antivirus API
SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- C SDK
- C++ SDK
- .NET(C#) SDK
- Flutter SDK
- Go SDK
- iOS SDK
- Java SDK
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- React Native SDK
- Mini Program SDK
- Error Codes
- Harmony SDK
- Endpoint SDK Quality Optimization
Security and Compliance
- Data Disaster Recovery
- Data Security
- Cloud Access Management
FAQs
- Popular Questions
- General
- Billing
- Domain Name Compliance Issues
- Bucket Configuration
- Domain Names and CDN
- Object Operations
- Logging and Monitoring
- Permission Management
- Data Processing
- Data Security
- Pre-signed URL Issues
- SDKs
- Tools
- APIs
Agreements
Contact Us
Glossary

Server-Side Encryption Feature Introduction

Modo Foco

Tamanho da Fonte

Última atualização: 2025-12-22 16:27:37

Overview
A metadata acceleration bucket is a special type of bucket. Its support status, configuration, and method of use for server-side encryption differ from ordinary buckets. For a basic introduction to server-side encryption, please refer to Server-side Encryption Overview.
This document provides detailed information on the variations in server-side encryption between metadata acceleration buckets and ordinary buckets, as well as the method of use for server-side encryption in metadata acceleration buckets.
Server-Side Encryption Support Status
The support status for server-side encryption in buckets and metadata acceleration buckets is as shown in the table below:
Access Method
Server-Side Encryption Type
bucket
metadata acceleration bucket
S3 API
SSE-C
Supported
Not supported
﻿
SSE-COS
Supported
Supported
﻿
SSE-KMS
Supported
Not supported
HDFS API
SSE-C
Supported
Supported
﻿
SSE-COS
Supported
Supported
﻿
SSE-KMS
Supported
Supported
Note:
In addition to the differences listed in the above table, metadata acceleration buckets also have two additional usage limits:
Bucket encryption is not supported (see bucket encryption overview), including console configuration and REST API configuration.
Only supports the AES256 encryption algorithm. SM4 encryption algorithm is not supported.
Server-Side Encryption Method of Use
The server-side encryption configuration method for metadata acceleration buckets depends on the API type.
S3 API access: The method to configure the encryption method is the same as for a bucket. See server-side encryption dedicated header to set request header parameters.
HDFS API access: Select the configuration method based on the different clients used (OFS client or COSN client). For details about the two clients, see Client Introduction.
﻿
The configuration items listed in the following context need to be added or modified in the Hadoop core-site.xml file. The operation path varies depending on the environment.
Tencent Cloud's EMR product: Operate via the EMR console. For the method to edit the core-site.xml configuration file, see configuration update.
Self-built big data environment: The core-site.xml file is normally located under the $HADOOP_HOME/etc/hadoop directory, depending on the installation method and release version of the big data components.
OFS Client
When using the OFS client, the configuration items for various encryption methods are as follows:
SSE-C Encryption
Configuration Item
Configuration Description
Required
fs.ofs.sse.mode
Specify server encryption method, here is SSE-C
Yes
fs.ofs.sse.c.key
A Base64-encoded AES-256 key, for example MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=
Yes
SSE-COS Encryption
Configuration Item
Configuration Description
Required
fs.ofs.sse.mode
Specify server encryption method, here is SSE-COS
Yes
SSE-KMS Encryption
Configuration Item
Configuration Description
Required
fs.ofs.sse.mode
Specify server encryption method, here is SSE-KMS
Yes
fs.ofs.sse.kms.keyid
Specify the User Master Key (CMK) of KMS. If not specified, use the CMK created by COS by default.
example value: 93866e69-9755-11ef-8e65-52540089bc41
No
fs.ofs.sse.kms.context
Specify the KMS encryption context, with the value being the Base64-encoded JSON-formatted encryption context key-value pair.
example value: eyJrZXkxIjoidmFsdWUxIn0=
No
COSN Client
When using the COSN client, the configuration items for various encryption methods are as follows:
SSE-C Encryption
Configuration Item
Configuration Description
Required
fs.cosn.trsf.fs.ofs.sse.mode
Specify server encryption method, here is SSE-C
Yes
fs.cosn.trsf.fs.ofs.sse.c.key
A Base64-encoded AES-256 key, for example MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=
Yes
SSE-COS Encryption
Configuration Item
Configuration Description
Required
fs.cosn.trsf.fs.ofs.sse.mode
Specify server encryption method, here is SSE-COS
Yes
SSE-KMS Encryption
Configuration Item
Configuration Description
Required
fs.cosn.trsf.fs.ofs.sse.mode
Specify server encryption method, here is SSE-KMS
Yes
fs.cosn.trsf.fs.ofs.sse.kms.keyid
Specify the User Master Key (CMK) of KMS. If not specified, use the CMK created by COS by default.
example value: 93866e69-9755-11ef-8e65-52540089bc41
No
fs.cosn.trsf.fs.ofs.sse.kms.context
Specify the KMS encryption context, with the value being the Base64-encoded JSON-formatted encryption context key-value pair.
example value: eyJrZXkxIjoidmFsdWUxIn0=
No
﻿

Ajuda e Suporte

Esta página foi útil?

Você também pode entrar em contato com a Equipe de vendas ou Enviar um tíquete em caso de ajuda.

comentários

tencent cloud

Cloud Object Storage

Server-Side Encryption Feature Introduction

Overview

Server-Side Encryption Support Status

Server-Side Encryption Method of Use

OFS Client

SSE-C Encryption

SSE-COS Encryption

SSE-KMS Encryption

COSN Client

SSE-C Encryption

SSE-COS Encryption

SSE-KMS Encryption

Ajuda e Suporte

Access Method	Server-Side Encryption Type	bucket	metadata acceleration bucket
S3 API	SSE-C	Supported	Not supported
		SSE-COS	Supported	Supported
		SSE-KMS	Supported	Not supported
HDFS API	SSE-C	Supported	Supported
		SSE-COS	Supported	Supported
		SSE-KMS	Supported	Supported

Configuration Item	Configuration Description	Required
fs.ofs.sse.mode	Specify server encryption method, here is SSE-C	Yes
fs.ofs.sse.c.key	A Base64-encoded AES-256 key, for example MDEyMzQ1Njc4OUFCQ0RFRjAxMjM0NTY3ODlBQkNERUY=	Yes