Message Queue for Apache RocketMQ Disk Encryption protects messages at rest, enhancing data security for Message Queue for Apache RocketMQ instances.
Background
Message Queue for Apache RocketMQ Disk Encryption keeps messages encrypted at rest, protecting sensitive data in finance, social media, e-commerce, and other security-critical applications.
Limitations
-
Disk Encryption is available only for Message Queue for Apache RocketMQ V5.x Enterprise Platinum Edition instances.
-
You can enable Disk Encryption only when you create an instance.
-
Your Disk Encryption key must be a Key Management Service (KMS) key created in the same region as your instance.
-
Once enabled, Disk Encryption cannot be disabled.
ImportantIf the KMS instance expires, the key becomes unusable.
-
If the encryption key or its required tag (
acs:rocketmq:instance-encryption) is deleted, read and write operations on the Message Queue for Apache RocketMQ instance fail.
Prerequisites
-
Important
Set key type to symmetric key, key specification to Aliyun_AES_256 or Aliyun_SM4, and key usage to ENCRYPT/DECRYPT.
Procedure
Log on to the ApsaraMQ for RocketMQ console.
-
In the top navigation bar, select a region, such as China (Hangzhou).
-
On the Instances page, click Create Instance. In the Create Message Queue for Apache RocketMQ Instance panel, select V5.0 for Instance Version, select a Product Type, and then click OK.
Disk Encryption for Message Queue for Apache RocketMQ supports these billing methods:
-
Subscription: Monthly prepaid for the computing specification.
-
Pay-as-you-go: Hourly billing for the computing specification.
-
-
On the purchase page, select the instance specifications, click Calculating, and complete the payment.
Use these example values to configure the instance. Instance selection describes all available parameters.
Parameter
Value
Primary edition
Enterprise Platinum Edition
Sub-category edition
Cluster High-availability Edition (Recommended for Production Environments)
Computing specification
rmq.s2.2xlarge
VPC ID
vpc-bp1cg09dua6sgh0******
The ID of the VPC created in the prerequisites.
vSwitch ID
vsw-bp1vqb0p9nz3irz******
The ID of the vSwitch created in the prerequisites.
Internet access
Disable
Resource Group
The default Resource Group.
Disk Encryption
Enable
Disk encryption key
key-hzz66c8207****
The ID of the key created in the prerequisites.