You can enable gateway encryption when you create a gateway. After gateway encryption is enabled, files in the gateway cache will be encrypted before they are uploaded to OSS. Only encrypted files in OSS will be synchronized to the local client. This topic describes how to enable gateway encryption.
Prerequisites
- You have created a file gateway and added a cache. For more information, see Create a file gateway and Add a cache disk.
- You have created an OSS bucket. For more information, see Create a bucket.
- You have created an Alibaba Cloud KMS key in the region where the target OSS bucket is deployed, or an external key in the KMS console.
Background information
When you enable gateway encryption, pay attention to the following notes.
- Only users in the whitelist can use gateway encryption. If you are not in the whitelist and want to use this feature, submit a ticket.
- Currently, only Enhanced and Advanced gateways support this feature.
- When this feature is enabled for a share, unencrypted files in the associated OSS bucket will not be synchronized to the local client.
Procedure
Gateway encryption can be enabled only when you create a share. The following procedure shows how to enable this feature when you create a share.
After the share is created, you can click the + icon on the left side of the share name to verify that Encryption is set to Gateway Side Encryption.