OSS Tables supports server-side encryption to protect your data at rest using the AES256 algorithm. You can configure encryption at two levels: bucket-level and table-level.
Overview
The server-side encryption feature in OSS Tables automatically encrypts your data when written to storage and decrypts it when read. The process is transparent. Currently, only the AES256 algorithm is supported. You can configure encryption at the following two levels:
Bucket-level encryption: Sets the default encryption for new tables in a Table Bucket. You can configure the encryption method when you create a Table Bucket. You can also modify or delete the encryption configuration at any time.
Table-level encryption: Lets you specify an encryption method for a specific table when you create it. If you do not specify an encryption method, the bucket-level encryption configuration is used. After a table is created, its encryption method cannot be changed.
Bucket-level encryption
Console
Configure encryption when creating a Table Bucket
Log in to the OSS Management Console. In the left-side navigation pane, select Table Bucket list.
Click Create Table Bucket.
In the creation panel, in the server-side encryption method field, select None or AES256.
After you configure the other settings, click OK.
Modify the encryption configuration of an existing Table Bucket
Log in to the OSS Management Console. In the left-side navigation pane, select Table Bucket list.
Click the name of the target Table Bucket to open its details page.
In the Table Bucket Basic Information section, find the server-side encryption method field and click the Edit link next to it.
Select None or AES256, and then click Save.
ossutil
Query the bucket-level encryption configuration:
ossutil tables-api get-table-bucket-encryption --table-bucket-arn {ARN}Set the bucket-level encryption configuration:
ossutil tables-api put-table-bucket-encryption --table-bucket-arn {ARN} --encryption-configuration '{"sseAlgorithm":"AES256"}'Delete the bucket-level encryption configuration:
ossutil tables-api delete-table-bucket-encryption --table-bucket-arn {ARN}SDK
Python
The following example shows how to set the bucket-level encryption configuration.
import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables
parser = argparse.ArgumentParser(description="put table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
parser.add_argument('--sse-algorithm', help='The server-side encryption algorithm.', required=True)
parser.add_argument('--kms-key-arn', help='The KMS key ARN for encryption.')
def main():
args = parser.parse_args()
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = args.region
if args.endpoint is not None:
cfg.endpoint = args.endpoint
client = oss_tables.Client(cfg)
encryption_configuration = oss_tables.models.EncryptionConfiguration(
sse_algorithm=args.sse_algorithm,
kms_key_arn=args.kms_key_arn,
)
result = client.put_table_bucket_encryption(oss_tables.models.PutTableBucketEncryptionRequest(
table_bucket_arn=args.table_bucket_arn,
encryption_configuration=encryption_configuration,
))
print(f'status code: {result.status_code},'
f' request id: {result.request_id}')
print(f'successfully updated table bucket encryption for: {args.table_bucket_arn}')
if __name__ == "__main__":
main()The following example shows how to query the bucket-level encryption configuration.
import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables
parser = argparse.ArgumentParser(description="get table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
def main():
args = parser.parse_args()
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = args.region
if args.endpoint is not None:
cfg.endpoint = args.endpoint
client = oss_tables.Client(cfg)
result = client.get_table_bucket_encryption(oss_tables.models.GetTableBucketEncryptionRequest(
table_bucket_arn=args.table_bucket_arn,
))
print(f'status code: {result.status_code},'
f' request id: {result.request_id}')
if result.encryption_configuration:
print(f'sse algorithm: {result.encryption_configuration.sse_algorithm},'
f' kms key arn: {result.encryption_configuration.kms_key_arn}')
if __name__ == "__main__":
main()The following example shows how to delete the bucket-level encryption configuration.
import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables
parser = argparse.ArgumentParser(description="delete table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
def main():
args = parser.parse_args()
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = args.region
if args.endpoint is not None:
cfg.endpoint = args.endpoint
client = oss_tables.Client(cfg)
result = client.delete_table_bucket_encryption(oss_tables.models.DeleteTableBucketEncryptionRequest(
table_bucket_arn=args.table_bucket_arn,
))
print(f'status code: {result.status_code},'
f' request id: {result.request_id}')
print(f'successfully deleted table bucket encryption for: {args.table_bucket_arn}')
if __name__ == "__main__":
main()Go
The following example shows how to set the bucket-level encryption configuration.
package main
import (
"context"
"flag"
"log"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)
var (
region string
tableBucketArn string
)
func init() {
flag.StringVar(®ion, "region", "", "The region in which the bucket is located.")
flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}
func main() {
flag.Parse()
if len(tableBucketArn) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, table bucket arn required")
}
if len(region) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, region required")
}
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion(region)
client := tables.NewTablesClient(cfg)
result, err := client.PutTableBucketEncryption(context.TODO(), &tables.PutTableBucketEncryptionRequest{
TableBucketARN: oss.Ptr(tableBucketArn),
EncryptionConfiguration: &tables.EncryptionConfiguration{
SseAlgorithm: oss.Ptr("AES256"),
},
})
if err != nil {
log.Fatalf("failed to put table bucket encryption %v", err)
}
log.Printf("put table bucket encryption result:%#v\n", result)
}The following example shows how to query the bucket-level encryption configuration.
package main
import (
"context"
"flag"
"log"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)
var (
region string
tableBucketArn string
)
func init() {
flag.StringVar(®ion, "region", "", "The region in which the bucket is located.")
flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}
func main() {
flag.Parse()
if len(tableBucketArn) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, table bucket arn required")
}
if len(region) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, region required")
}
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion(region)
client := tables.NewTablesClient(cfg)
result, err := client.GetTableBucketEncryption(context.TODO(), &tables.GetTableBucketEncryptionRequest{
TableBucketARN: oss.Ptr(tableBucketArn),
})
if err != nil {
log.Fatalf("failed to get table bucket encryption %v", err)
}
log.Printf("get table bucket encryption result:%#v\n", result)
}The following example shows how to delete the bucket-level encryption configuration.
package main
import (
"context"
"flag"
"log"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)
var (
region string
tableBucketArn string
)
func init() {
flag.StringVar(®ion, "region", "", "The region in which the bucket is located.")
flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}
func main() {
flag.Parse()
if len(tableBucketArn) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, table bucket arn required")
}
if len(region) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, region required")
}
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion(region)
client := tables.NewTablesClient(cfg)
result, err := client.DeleteTableBucketEncryption(context.TODO(), &tables.DeleteTableBucketEncryptionRequest{
TableBucketARN: oss.Ptr(tableBucketArn),
})
if err != nil {
log.Fatalf("failed to delete table bucket encryption %v", err)
}
log.Printf("delete table bucket encryption result:%#v\n", result)
}Java
The following example shows how to set the bucket-level encryption configuration.
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;
public class PutTableBucketEncryptionSample {
public static void main(String[] args) throws Exception {
String region = "cn-hangzhou";
String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
try (OSSTablesClient client = OSSTablesClient.newBuilder()
.credentialsProvider(new EnvironmentVariableCredentialsProvider())
.region(region)
.build()) {
EncryptionConfiguration encryptionConfig = EncryptionConfiguration.newBuilder()
.sseAlgorithm("AES256")
.build();
PutTableBucketEncryptionRequest request = PutTableBucketEncryptionRequest.newBuilder()
.tableBucketARN(tableBucketARN)
.encryptionConfiguration(encryptionConfig)
.build();
PutTableBucketEncryptionResult result = client.putTableBucketEncryption(request);
System.out.printf("Status code:%d, request id:%s%n",
result.statusCode(), result.requestId());
System.out.println("Encryption configuration set successfully.");
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}
The following example shows how to query the bucket-level encryption configuration.
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;
public class GetTableBucketEncryptionSample {
public static void main(String[] args) throws Exception {
String region = "cn-hangzhou";
String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
try (OSSTablesClient client = OSSTablesClient.newBuilder()
.credentialsProvider(new EnvironmentVariableCredentialsProvider())
.region(region)
.build()) {
GetTableBucketEncryptionRequest request = GetTableBucketEncryptionRequest.newBuilder()
.tableBucketARN(tableBucketARN)
.build();
GetTableBucketEncryptionResult result = client.getTableBucketEncryption(request);
System.out.printf("Status code:%d, request id:%s%n",
result.statusCode(), result.requestId());
if (result.encryptionConfiguration() != null) {
System.out.printf("Encryption Algorithm: %s%n", result.encryptionConfiguration().sseAlgorithm());
System.out.printf("KMS Key ARN: %s%n", result.encryptionConfiguration().kmsKeyArn());
} else {
System.out.println("No encryption configuration found.");
}
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}The following example shows how to delete the bucket-level encryption configuration.
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;
public class DeleteTableBucketEncryptionSample {
public static void main(String[] args) throws Exception {
String region = "cn-hangzhou";
String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
try (OSSTablesClient client = OSSTablesClient.newBuilder()
.credentialsProvider(new EnvironmentVariableCredentialsProvider())
.region(region)
.build()) {
DeleteTableBucketEncryptionRequest request = DeleteTableBucketEncryptionRequest.newBuilder()
.tableBucketARN(tableBucketARN)
.build();
DeleteTableBucketEncryptionResult result = client.deleteTableBucketEncryption(request);
System.out.printf("Status code:%d, request id:%s%n",
result.statusCode(), result.requestId());
System.out.println("Encryption configuration deleted successfully.");
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}API
Set encryption: PutTableBucketEncryption
Query encryption configuration: GetTableBucketEncryption
Delete encryption configuration: DeleteTableBucketEncryption
Table-level encryption
Console
Configure encryption when creating a table
Log in to the OSS Management Console. In the left-side navigation pane, select Table Bucket list.
Click the name of the target Table Bucket, and on the Table list tab, click Create Table.
In the Create Table panel, in the server-side encryption method field, select None or AES256.
After you configure the other settings (such as namespace, table format, table name, and field information), click OK.
View the table encryption configuration
On the table details page, the server-side encryption method field in the basic information section displays the current encryption algorithm for the table.
ossutil
Specify encryption when creating a table (CreateTable)
ossutil tables-api create-table \
--table-bucket-arn acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket \
--namespace my_namespace \
--name my_table \
--format ICEBERG \
--encryption-configuration '{"sseAlgorithm":"AES256"}' \
--metadata '{"iceberg":{"schema":{"fields":[{"id":1,"name":"id","type":"long","required":true},{"id":2,"name":"data","type":"string"}]}}}'Query the table encryption configuration (GetTableEncryption)
ossutil tables-api get-table-encryption \
--table-bucket-arn acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket \
--namespace my_namespace \
--name my_tableSDK
Python
Specify encryption when creating a table (CreateTable)
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = 'cn-hangzhou'
client = oss_tables.Client(cfg)
# Define the schema
schema = oss_tables.models.IcebergSchema(fields=[
oss_tables.models.SchemaField(id=1, name='id', type='long', required=True),
oss_tables.models.SchemaField(id=2, name='data', type='string'),
])
metadata = oss_tables.models.TableMetadata(
iceberg=oss_tables.models.IcebergMetadata(schema=schema))
# Specify AES256 encryption
encryption = oss_tables.models.EncryptionConfiguration(sse_algorithm='AES256')
result = client.create_table(oss_tables.models.CreateTableRequest(
table_bucket_arn='acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket',
namespace='my_namespace',
name='my_table',
format='ICEBERG',
metadata=metadata,
encryption_configuration=encryption,
))
print(f'Table ARN: {result.table_arn}')Query the table encryption configuration (GetTableEncryption)
import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables
parser = argparse.ArgumentParser(description="get table encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
parser.add_argument('--namespace', help='The namespace of the table.', required=True)
parser.add_argument('--name', help='The name of the table.', required=True)
def main():
args = parser.parse_args()
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = args.region
if args.endpoint is not None:
cfg.endpoint = args.endpoint
client = oss_tables.Client(cfg)
result = client.get_table_encryption(oss_tables.models.GetTableEncryptionRequest(
table_bucket_arn=args.table_bucket_arn,
namespace=args.namespace,
name=args.name,
))
print(f'status code: {result.status_code},'
f' request id: {result.request_id}')
if result.encryption_configuration:
print(f'sse algorithm: {result.encryption_configuration.sse_algorithm},'
f' kms key arn: {result.encryption_configuration.kms_key_arn}')
if __name__ == "__main__":
main()Go
Specify encryption when creating a table (CreateTable)
package main
import (
"context"
"fmt"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)
func main() {
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion("cn-hangzhou")
client := tables.NewTablesClient(cfg)
result, err := client.CreateTable(context.TODO(), &tables.CreateTableRequest{
TableBucketARN: oss.Ptr("acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket"),
Namespace: oss.Ptr("my_namespace"),
Name: oss.Ptr("my_table"),
Format: oss.Ptr("ICEBERG"),
EncryptionConfiguration: &tables.EncryptionConfiguration{
SseAlgorithm: oss.Ptr("AES256"),
},
})
if err != nil {
panic(err)
}
fmt.Printf("Table ARN: %s\n", *result.TableARN)
}Query the table encryption configuration (GetTableEncryption)
package main
import (
"context"
"flag"
"log"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)
var (
region string
tableBucketArn string
namespace string
name string
)
func init() {
flag.StringVar(®ion, "region", "", "The region in which the bucket is located.")
flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
flag.StringVar(&namespace, "namespace", "", "The name of the namespace.")
flag.StringVar(&name, "name", "", "The name of the table.")
}
func main() {
flag.Parse()
if len(tableBucketArn) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, table bucket arn required")
}
if len(namespace) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, namespace name required")
}
if len(name) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, table name required")
}
if len(region) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, region required")
}
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion(region)
client := tables.NewTablesClient(cfg)
result, err := client.GetTableEncryption(context.TODO(), &tables.GetTableEncryptionRequest{
TableBucketARN: oss.Ptr(tableBucketArn),
Namespace: oss.Ptr(namespace),
Name: oss.Ptr(name),
})
if err != nil {
log.Fatalf("failed to get table encryption %v", err)
}
log.Printf("get table encryption result:%#v\n", result)
}Java
Specify encryption when creating a table (CreateTable)
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;
import java.util.ArrayList;
import java.util.List;
public class CreateTableSample {
public static void main(String[] args) throws Exception {
String region = "cn-hangzhou";
String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
String namespace = "my-namespace";
String name = "my-table";
String format = "iceberg";
try (OSSTablesClient client = OSSTablesClient.newBuilder()
.credentialsProvider(new EnvironmentVariableCredentialsProvider())
.region(region)
.build()) {
// Create schema fields
List<SchemaField> fields = new ArrayList<>();
fields.add(SchemaField.newBuilder()
.name("id")
.type("long")
.required(true)
.build());
fields.add(SchemaField.newBuilder()
.name("name")
.type("string")
.required(false)
.build());
fields.add(SchemaField.newBuilder()
.name("ts")
.type("timestamptz")
.required(false)
.build());
// Create schema
IcebergSchema icebergSchema = IcebergSchema.newBuilder()
.fields(fields)
.build();
// Create partition spec
IcebergPartitionField partitionField = IcebergPartitionField.newBuilder()
.sourceId(2)
.transform("identity")
.name("region")
.fieldId(1001)
.build();
List<IcebergPartitionField> partitionFields = new ArrayList<>();
partitionFields.add(partitionField);
IcebergPartitionSpec partitionSpec = IcebergPartitionSpec.newBuilder()
.specId(0)
.fields(partitionFields)
.build();
// Create iceberg metadata
IcebergMetadata icebergMetadata = IcebergMetadata.newBuilder()
.schema(icebergSchema)
.partitionSpec(partitionSpec)
.build();
// Set metadata
TableMetadata metadata = TableMetadata.newBuilder()
.iceberg(icebergMetadata)
.build();
// Add encryption configuration
EncryptionConfiguration encryptionConfig = EncryptionConfiguration.newBuilder()
.sseAlgorithm("AES256")
.build();
CreateTableRequest request = CreateTableRequest.newBuilder()
.tableBucketARN(tableBucketARN)
.namespace(namespace)
.name(name)
.format(format)
.metadata(metadata)
.encryptionConfiguration(encryptionConfig)
.build();
CreateTableResult result = client.createTable(request);
System.out.printf("Status code:%d, request id:%s%n",
result.statusCode(), result.requestId());
System.out.printf("Created table with ARN: %s%n", result.tableARN());
System.out.printf("Version token: %s%n", result.versionToken());
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}Query the table encryption configuration (GetTableEncryption)
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;
public class GetTableEncryptionSample {
public static void main(String[] args) throws Exception {
String region = "cn-hangzhou";
String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
String namespace = "my-namespace";
String name = "my-table";
try (OSSTablesClient client = OSSTablesClient.newBuilder()
.credentialsProvider(new EnvironmentVariableCredentialsProvider())
.region(region)
.build()) {
GetTableEncryptionRequest request = GetTableEncryptionRequest.newBuilder()
.tableBucketARN(tableBucketARN)
.namespace(namespace)
.name(name)
.build();
GetTableEncryptionResult result = client.getTableEncryption(request);
System.out.printf("Status code:%d, request id:%s%n",
result.statusCode(), result.requestId());
if (result.encryptionConfiguration() != null) {
System.out.printf("SSE Algorithm: %s%n", result.encryptionConfiguration().sseAlgorithm());
System.out.printf("KMS Key ARN: %s%n", result.encryptionConfiguration().kmsKeyArn());
}
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}API
Specify encryption when creating a table: Call the CreateTable API operation and use the
encryptionConfigurationparameter to set the encryption.Query table encryption configuration: GetTableEncryption