OSS Tables supports server-side encryption (AES256) to protect data at rest. You can configure encryption at the bucket level or the table level.
Overview
OSS Tables automatically encrypts data when it is written to storage and decrypts it when it is read. This process is transparent to you. Only the AES256 algorithm is supported. Encryption can be configured at the following levels:
-
Bucket-level encryption: Sets the default encryption for all new tables in a Table Bucket. You can configure an encryption method when you create a Table Bucket, and modify or delete the configuration at any time.
-
Table-level encryption: Specifies an encryption method for a specific table at creation time. If no method is specified, the table inherits the bucket-level configuration. You cannot change a table's encryption method after it is created.
Bucket-level encryption
Console
Configure encryption when you create a Table Bucket
-
Log in to the OSS console. In the left-side navigation pane, choose Table Bucket list.
-
Click Create Table Bucket.
-
In the creation panel, for the server-side encryption method field, select Not Encrypted or AES256.
-
Configure the other settings, and then click OK.
Modify the encryption configuration of an existing Table Bucket
-
Log in to the OSS console. In the left-side navigation pane, choose Table Bucket list.
-
Click the name of the target Table Bucket.
-
In the Table Bucket Basic Information area, next to server-side encryption method, click Edit.
-
Select Not Encrypted or AES256, and then click Save.
ossutil
Query the bucket-level encryption configuration:
ossutil tables-api get-table-bucket-encryption --table-bucket-arn {ARN}
Set bucket-level encryption:
ossutil tables-api put-table-bucket-encryption --table-bucket-arn {ARN} --encryption-configuration '{"sseAlgorithm":"AES256"}'
Delete the bucket-level encryption configuration:
ossutil tables-api delete-table-bucket-encryption --table-bucket-arn {ARN}
SDK
Python
Set the bucket-level encryption configuration:
import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables
parser = argparse.ArgumentParser(description="put table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
parser.add_argument('--sse-algorithm', help='The server-side encryption algorithm.', required=True)
parser.add_argument('--kms-key-arn', help='The KMS key ARN for encryption.')
def main():
args = parser.parse_args()
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = args.region
if args.endpoint is not None:
cfg.endpoint = args.endpoint
client = oss_tables.Client(cfg)
encryption_configuration = oss_tables.models.EncryptionConfiguration(
sse_algorithm=args.sse_algorithm,
key_arn=args.key_arn,
)
result = client.put_table_bucket_encryption(oss_tables.models.PutTableBucketEncryptionRequest(
table_bucket_arn=args.table_bucket_arn,
encryption_configuration=encryption_configuration,
))
print(f'status code: {result.status_code},'
f' request id: {result.request_id}')
print(f'successfully updated table bucket encryption for: {args.table_bucket_arn}')
if __name__ == "__main__":
main()
Query the bucket-level encryption configuration:
import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables
parser = argparse.ArgumentParser(description="get table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
def main():
args = parser.parse_args()
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = args.region
if args.endpoint is not None:
cfg.endpoint = args.endpoint
client = oss_tables.Client(cfg)
result = client.get_table_bucket_encryption(oss_tables.models.GetTableBucketEncryptionRequest(
table_bucket_arn=args.table_bucket_arn,
))
print(f'status code: {result.status_code},'
f' request id: {result.request_id}')
if result.encryption_configuration:
print(f'sse algorithm: {result.encryption_configuration.sse_algorithm},'
f' kms key arn: {result.encryption_configuration.key_arn}')
if __name__ == "__main__":
main()
Delete the bucket-level encryption configuration:
import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables
parser = argparse.ArgumentParser(description="delete table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
def main():
args = parser.parse_args()
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = args.region
if args.endpoint is not None:
cfg.endpoint = args.endpoint
client = oss_tables.Client(cfg)
result = client.delete_table_bucket_encryption(oss_tables.models.DeleteTableBucketEncryptionRequest(
table_bucket_arn=args.table_bucket_arn,
))
print(f'status code: {result.status_code},'
f' request id: {result.request_id}')
print(f'successfully deleted table bucket encryption for: {args.table_bucket_arn}')
if __name__ == "__main__":
main()
Go
Set the bucket-level encryption configuration:
package main
import (
"context"
"flag"
"log"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)
var (
region string
tableBucketArn string
)
func init() {
flag.StringVar(®ion, "region", "", "The region in which the bucket is located.")
flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}
func main() {
flag.Parse()
if len(tableBucketArn) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, table bucket arn required")
}
if len(region) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, region required")
}
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion(region)
client := tables.NewTablesClient(cfg)
result, err := client.PutTableBucketEncryption(context.TODO(), &tables.PutTableBucketEncryptionRequest{
TableBucketARN: oss.Ptr(tableBucketArn),
EncryptionConfiguration: &tables.EncryptionConfiguration{
SseAlgorithm: oss.Ptr("AES256"),
},
})
if err != nil {
log.Fatalf("failed to put table bucket encryption %v", err)
}
log.Printf("put table bucket encryption result:%#v\n", result)
}
Query the bucket-level encryption configuration:
package main
import (
"context"
"flag"
"log"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)
var (
region string
tableBucketArn string
)
func init() {
flag.StringVar(®ion, "region", "", "The region in which the bucket is located.")
flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}
func main() {
flag.Parse()
if len(tableBucketArn) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, table bucket arn required")
}
if len(region) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, region required")
}
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion(region)
client := tables.NewTablesClient(cfg)
result, err := client.GetTableBucketEncryption(context.TODO(), &tables.GetTableBucketEncryptionRequest{
TableBucketARN: oss.Ptr(tableBucketArn),
})
if err != nil {
log.Fatalf("failed to get table bucket encryption %v", err)
}
log.Printf("get table bucket encryption result:%#v\n", result)
}
Delete the bucket-level encryption configuration:
package main
import (
"context"
"flag"
"log"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)
var (
region string
tableBucketArn string
)
func init() {
flag.StringVar(®ion, "region", "", "The region in which the bucket is located.")
flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}
func main() {
flag.Parse()
if len(tableBucketArn) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, table bucket arn required")
}
if len(region) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, region required")
}
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion(region)
client := tables.NewTablesClient(cfg)
result, err := client.DeleteTableBucketEncryption(context.TODO(), &tables.DeleteTableBucketEncryptionRequest{
TableBucketARN: oss.Ptr(tableBucketArn),
})
if err != nil {
log.Fatalf("failed to delete table bucket encryption %v", err)
}
log.Printf("delete table bucket encryption result:%#v\n", result)
}
Java
Set the bucket-level encryption configuration:
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;
public class PutTableBucketEncryptionSample {
public static void main(String[] args) throws Exception {
String region = "cn-hangzhou";
String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
String sseAlgorithm = "AES256";
try (OSSTablesClient client = OSSTablesClient.newBuilder()
.credentialsProvider(new EnvironmentVariableCredentialsProvider())
.region(region)
.build()) {
EncryptionConfiguration encryptionConfig = EncryptionConfiguration.newBuilder()
.sseAlgorithm(sseAlgorithm)
.build();
PutTableBucketEncryptionRequest request = PutTableBucketEncryptionRequest.newBuilder()
.tableBucketARN(tableBucketARN)
.encryptionConfiguration(encryptionConfig)
.build();
PutTableBucketEncryptionResult result = client.putTableBucketEncryption(request);
System.out.printf("Status code:%d, request id:%s%n",
result.statusCode(), result.requestId());
System.out.printf("Successfully updated table bucket encryption for ARN: %s%n", tableBucketARN);
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}
Query the bucket-level encryption configuration:
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;
public class GetTableBucketEncryptionSample {
public static void main(String[] args) throws Exception {
String region = "cn-hangzhou";
String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
try (OSSTablesClient client = OSSTablesClient.newBuilder()
.credentialsProvider(new EnvironmentVariableCredentialsProvider())
.region(region)
.build()) {
GetTableBucketEncryptionRequest request = GetTableBucketEncryptionRequest.newBuilder()
.tableBucketARN(tableBucketARN)
.build();
GetTableBucketEncryptionResult result = client.getTableBucketEncryption(request);
System.out.printf("Status code:%d, request id:%s%n",
result.statusCode(), result.requestId());
if (result.encryptionConfiguration() != null) {
System.out.printf("Encryption Algorithm: %s%n", result.encryptionConfiguration().sseAlgorithm());
System.out.printf("Key ARN: %s%n", result.encryptionConfiguration().kmsKeyArn());
} else {
System.out.println("No encryption configuration found.");
}
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}
Delete the bucket-level encryption configuration:
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;
public class DeleteTableBucketEncryptionSample {
public static void main(String[] args) throws Exception {
String region = "cn-hangzhou";
String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
try (OSSTablesClient client = OSSTablesClient.newBuilder()
.credentialsProvider(new EnvironmentVariableCredentialsProvider())
.region(region)
.build()) {
DeleteTableBucketEncryptionRequest request = DeleteTableBucketEncryptionRequest.newBuilder()
.tableBucketARN(tableBucketARN)
.build();
DeleteTableBucketEncryptionResult result = client.deleteTableBucketEncryption(request);
System.out.printf("Status code:%d, request id:%s%n",
result.statusCode(), result.requestId());
System.out.println("Encryption configuration deleted successfully.");
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}
API
-
Set encryption: PutTableBucketEncryption
-
Query encryption configuration: GetTableBucketEncryption
-
Delete encryption configuration: DeleteTableBucketEncryption
Table-level encryption
Console
Configure encryption when you create a table
-
Log in to the OSS console. In the left-side navigation pane, choose Table Bucket list.
-
Click the name of the target Table Bucket. On the Table List tab, click Create Table.
-
In the creation panel, for the server-side encryption method field, select Not Encrypted or AES256.
-
Configure other settings, such as namespace, table format, table name, and schema, and then click OK.
View the table encryption configuration
On the table details page, the server-side encryption method field in the Basic Information section shows the encryption algorithm for the table.
ossutil
Specify encryption when creating a table (CreateTable)
ossutil tables-api create-table \
--table-bucket-arn acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket \
--namespace my_namespace \
--name my_table \
--format ICEBERG \
--encryption-configuration '{"sseAlgorithm":"AES256"}' \
--metadata '{"iceberg":{"schema":{"fields":[{"id":1,"name":"id","type":"long","required":true},{"id":2,"name":"data","type":"string"}]}}}'
Query the table encryption configuration (GetTableEncryption)
ossutil tables-api get-table-encryption \
--table-bucket-arn acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket \
--namespace my_namespace \
--name my_table
SDK
Python
Specify encryption when creating a table (CreateTable)
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = 'cn-hangzhou'
client = oss_tables.Client(cfg)
# Define the schema
schema = oss_tables.models.IcebergSchema(fields=[
oss_tables.models.SchemaField(id=1, name='id', type='long', required=True),
oss_tables.models.SchemaField(id=2, name='data', type='string'),
])
metadata = oss_tables.models.TableMetadata(
iceberg=oss_tables.models.IcebergMetadata(schema=schema))
# Specify AES256 encryption
encryption = oss_tables.models.EncryptionConfiguration(sse_algorithm='AES256')
result = client.create_table(oss_tables.models.CreateTableRequest(
table_bucket_arn='acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket',
namespace='my_namespace',
name='my_table',
format='ICEBERG',
metadata=metadata,
encryption_configuration=encryption,
))
print(f'Table ARN: {result.table_arn}')
Query the table encryption configuration (GetTableEncryption)
import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables
parser = argparse.ArgumentParser(description="get table encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
parser.add_argument('--namespace', help='The namespace of the table.', required=True)
parser.add_argument('--name', help='The name of the table.', required=True)
def main():
args = parser.parse_args()
credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = args.region
if args.endpoint is not None:
cfg.endpoint = args.endpoint
client = oss_tables.Client(cfg)
result = client.get_table_encryption(oss_tables.models.GetTableEncryptionRequest(
table_bucket_arn=args.table_bucket_arn,
namespace=args.namespace,
name=args.name,
))
print(f'status code: {result.status_code},'
f' request id: {result.request_id}')
if result.encryption_configuration:
print(f'sse algorithm: {result.encryption_configuration.sse_algorithm},'
f'key arn: {result.encryption_configuration.key_arn}')
if __name__ == "__main__":
main()
Go
Specify encryption when creating a table (CreateTable)
package main
import (
"context"
"fmt"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)
func main() {
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion("cn-hangzhou")
client := tables.NewTablesClient(cfg)
result, err := client.CreateTable(context.TODO(), &tables.CreateTableRequest{
TableBucketARN: oss.Ptr("acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket"),
Namespace: oss.Ptr("my_namespace"),
Name: oss.Ptr("my_table"),
Format: oss.Ptr("ICEBERG"),
EncryptionConfiguration: &tables.EncryptionConfiguration{
SseAlgorithm: oss.Ptr("AES256"),
},
})
if err != nil {
panic(err)
}
fmt.Printf("Table ARN: %s\n", *result.TableARN)
}
Query the table encryption configuration (GetTableEncryption)
package main
import (
"context"
"flag"
"log"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)
var (
region string
tableBucketArn string
namespace string
name string
)
func init() {
flag.StringVar(®ion, "region", "", "The region in which the bucket is located.")
flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
flag.StringVar(&namespace, "namespace", "", "The name of the namespace.")
flag.StringVar(&name, "name", "", "The name of the table.")
}
func main() {
flag.Parse()
if len(tableBucketArn) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, table bucket arn required")
}
if len(namespace) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, namespace name required")
}
if len(name) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, table name required")
}
if len(region) == 0 {
flag.PrintDefaults()
log.Fatalf("invalid parameters, region required")
}
cfg := oss.LoadDefaultConfig().
WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
WithRegion(region)
client := tables.NewTablesClient(cfg)
result, err := client.GetTableEncryption(context.TODO(), &tables.GetTableEncryptionRequest{
TableBucketARN: oss.Ptr(tableBucketArn),
Namespace: oss.Ptr(namespace),
Name: oss.Ptr(name),
})
if err != nil {
log.Fatalf("failed to get table encryption %v", err)
}
log.Printf("get table encryption result:%#v\n", result)
}
Java
Specify encryption when creating a table (CreateTable)
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;
import java.util.ArrayList;
import java.util.List;
public class CreateTableSample {
public static void main(String[] args) throws Exception {
String region = "cn-hangzhou";
String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
String namespace = "my-namespace";
String name = "my-table";
String format = "iceberg";
try (OSSTablesClient client = OSSTablesClient.newBuilder()
.credentialsProvider(new EnvironmentVariableCredentialsProvider())
.region(region)
.build()) {
// Create schema fields
List<SchemaField> fields = new ArrayList<>();
fields.add(SchemaField.newBuilder()
.name("id")
.type("long")
.required(true)
.build());
fields.add(SchemaField.newBuilder()
.name("name")
.type("string")
.required(false)
.build());
fields.add(SchemaField.newBuilder()
.name("ts")
.type("timestamptz")
.required(false)
.build());
// Create schema
IcebergSchema icebergSchema = IcebergSchema.newBuilder()
.fields(fields)
.build();
// Create partition spec
IcebergPartitionField partitionField = IcebergPartitionField.newBuilder()
.sourceId(2)
.transform("identity")
.name("region")
.fieldId(1001)
.build();
List<IcebergPartitionField> partitionFields = new ArrayList<>();
partitionFields.add(partitionField);
IcebergPartitionSpec partitionSpec = IcebergPartitionSpec.newBuilder()
.specId(0)
.fields(partitionFields)
.build();
// Create iceberg metadata
IcebergMetadata icebergMetadata = IcebergMetadata.newBuilder()
.schema(icebergSchema)
.partitionSpec(partitionSpec)
.build();
// Set metadata
TableMetadata metadata = TableMetadata.newBuilder()
.iceberg(icebergMetadata)
.build();
// Add encryption configuration
EncryptionConfiguration encryptionConfig = EncryptionConfiguration.newBuilder()
.sseAlgorithm("AES256")
.build();
CreateTableRequest request = CreateTableRequest.newBuilder()
.tableBucketARN(tableBucketARN)
.namespace(namespace)
.name(name)
.format(format)
.metadata(metadata)
.encryptionConfiguration(encryptionConfig)
.build();
CreateTableResult result = client.createTable(request);
System.out.printf("Status code:%d, request id:%s%n",
result.statusCode(), result.requestId());
System.out.printf("Created table with ARN: %s%n", result.tableARN());
System.out.printf("Version token: %s%n", result.versionToken());
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}
Query the table encryption configuration (GetTableEncryption)
import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;
public class GetTableEncryptionSample {
public static void main(String[] args) throws Exception {
String region = "cn-hangzhou";
String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
String namespace = "my-namespace";
String name = "my-table";
try (OSSTablesClient client = OSSTablesClient.newBuilder()
.credentialsProvider(new EnvironmentVariableCredentialsProvider())
.region(region)
.build()) {
GetTableEncryptionRequest request = GetTableEncryptionRequest.newBuilder()
.tableBucketARN(tableBucketARN)
.namespace(namespace)
.name(name)
.build();
GetTableEncryptionResult result = client.getTableEncryption(request);
System.out.printf("Status code:%d, request id:%s%n",
result.statusCode(), result.requestId());
if (result.encryptionConfiguration() != null) {
System.out.printf("SSE Algorithm: %s%n", result.encryptionConfiguration().sseAlgorithm());
System.out.printf("Key ARN: %s%n", result.encryptionConfiguration().kmsKeyArn());
}
} catch (Exception e) {
System.out.println("Error: " + e.getMessage());
}
}
}
API
-
Specify encryption when creating a table: Call the CreateTable API and set the
encryptionConfigurationparameter. -
Query the table encryption configuration: GetTableEncryption