Uploading a File with Server-Side Encryption

OBS allows users to encrypt objects using server-side encryption so that the objects can be securely stored on OBS.


  • The KMS Administrator permission has been added in the region of OBS using Identity and Access Management (IAM). For details about how to add the permission, see "How Do I Manage User Groups and Grant Permissions to Them" in the Identity and Access Management User Guide.
  • If you want to use a user-defined key to encrypt objects to be uploaded, create a key using KMS. For details about how to create a key using KMS, see Creating a CMK in the Key Management Service User Guide.


  1. Log in to OBS Console.
  2. In the bucket list, click the target bucket to go to the Summary page.
  3. In the navigation tree on the left, click Object.
  4. Click Upload. Alternatively, select the target folder and click Upload. The Upload Object dialog box is displayed.
  5. Select the file that you want to upload and click Open.
  6. Select KMS Encryption and select a key, as shown in Figure 1. Then click OK.

    Figure 1 Encrypting an object to be uploaded
    • Key name: Name of the primary key. The key is created in KMS and is used for encrypted protection for data. OBS provides a default key obs/default. You can use the default key or create a key in KMS.

  7. Optional: After uploading the object, click it to view its encryption status, as shown in Figure 2.

    Figure 2 Encryption status
    • The object encryption status cannot be changed.
    • A key in use cannot be deleted. Otherwise, the object encrypted with this key cannot be downloaded.