服務端加密

更新時間:
Copy as MD

OSS Tables支援服務端加密(Server-Side Encryption),使用AES256演算法對儲存的資料進行加密保護。加密配置支援Bucket層級和Table層級兩種粒度。

功能概述

OSS Tables的服務端加密功能會在資料寫入儲存時自動進行加密,讀取時自動解密,整個過程對使用者透明。目前僅支援AES256演算法。加密配置分為以下兩個層級:

  • Bucket層級加密:作為Table Bucket下建立Table時的預設加密配置,對該Bucket下所有新建立的Table生效。建立Table Bucket時可選配置加密方式,建立後也支援隨時修改或刪除加密配置。

  • Table層級加密:在建立Table時指定加密方式,僅對該Table生效,未指定時使用 Bucket 層級加密配置。建立Table後,加密方式不可修改。

Bucket層級加密

控制台

建立Table Bucket時配置加密

  1. 登入OSS管理主控台,在左側導覽列選擇Table Bucket 列表

  2. 單擊建立 Table Bucket

  3. 在建立面板中,服務端加密方式欄位選擇不加密AES256

  4. 完成其他配置後,單擊確定

修改已有Table Bucket的加密配置

  1. 登入OSS管理主控台,在左側導覽列選擇Table Bucket 列表

  2. 單擊目標Table Bucket名稱,進入Table Bucket詳情頁。

  3. Table Bucket 基本資料地區,找到服務端加密方式欄位,單擊旁邊的編輯連結。

  4. 選擇不加密AES256,單擊儲存

ossutil

查詢Bucket層級加密配置:

ossutil tables-api get-table-bucket-encryption --table-bucket-arn {ARN}

設定Bucket層級加密:

ossutil tables-api put-table-bucket-encryption --table-bucket-arn {ARN} --encryption-configuration '{"sseAlgorithm":"AES256"}'

刪除Bucket層級加密配置:

ossutil tables-api delete-table-bucket-encryption --table-bucket-arn {ARN}

SDK

Python

以下樣本展示了如何設定Bucket層級加密配置。

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables

parser = argparse.ArgumentParser(description="put table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
parser.add_argument('--sse-algorithm', help='The server-side encryption algorithm.', required=True)
parser.add_argument('--kms-key-arn', help='The KMS key ARN for encryption.')

def main():
    args = parser.parse_args()

    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    client = oss_tables.Client(cfg)

    encryption_configuration = oss_tables.models.EncryptionConfiguration(
        sse_algorithm=args.sse_algorithm,
        key_arn=args.key_arn,
    )

    result = client.put_table_bucket_encryption(oss_tables.models.PutTableBucketEncryptionRequest(
        table_bucket_arn=args.table_bucket_arn,
        encryption_configuration=encryption_configuration,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id}')
    print(f'successfully updated table bucket encryption for: {args.table_bucket_arn}')


if __name__ == "__main__":
    main()

以下樣本展示了如何查詢Bucket層級加密配置。

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables

parser = argparse.ArgumentParser(description="get table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)

def main():
    args = parser.parse_args()

    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    client = oss_tables.Client(cfg)

    result = client.get_table_bucket_encryption(oss_tables.models.GetTableBucketEncryptionRequest(
        table_bucket_arn=args.table_bucket_arn,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id}')

    if result.encryption_configuration:
        print(f'sse algorithm: {result.encryption_configuration.sse_algorithm},'
              f' kms key arn: {result.encryption_configuration.key_arn}')


if __name__ == "__main__":
    main()

以下樣本展示了如何刪除Bucket層級加密配置。

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables

parser = argparse.ArgumentParser(description="delete table bucket encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)

def main():
    args = parser.parse_args()

    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    client = oss_tables.Client(cfg)

    result = client.delete_table_bucket_encryption(oss_tables.models.DeleteTableBucketEncryptionRequest(
        table_bucket_arn=args.table_bucket_arn,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id}')
    print(f'successfully deleted table bucket encryption for: {args.table_bucket_arn}')


if __name__ == "__main__":
    main()

Go

以下樣本展示了如何設定Bucket層級加密配置。

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)

var (
	region         string
	tableBucketArn string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}

func main() {
	flag.Parse()
	if len(tableBucketArn) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, table bucket arn required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := tables.NewTablesClient(cfg)

	result, err := client.PutTableBucketEncryption(context.TODO(), &tables.PutTableBucketEncryptionRequest{
		TableBucketARN: oss.Ptr(tableBucketArn),
		EncryptionConfiguration: &tables.EncryptionConfiguration{
			SseAlgorithm: oss.Ptr("AES256"),
		},
	})

	if err != nil {
		log.Fatalf("failed to put table bucket encryption %v", err)
	}

	log.Printf("put table bucket encryption result:%#v\n", result)
}

以下樣本展示了如何查詢Bucket層級加密配置。

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)

var (
	region         string
	tableBucketArn string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}

func main() {
	flag.Parse()
	if len(tableBucketArn) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, table bucket arn required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := tables.NewTablesClient(cfg)

	result, err := client.GetTableBucketEncryption(context.TODO(), &tables.GetTableBucketEncryptionRequest{
		TableBucketARN: oss.Ptr(tableBucketArn),
	})

	if err != nil {
		log.Fatalf("failed to get table bucket encryption %v", err)
	}

	log.Printf("get table bucket encryption result:%#v\n", result)
}

以下樣本展示了如何刪除Bucket層級加密配置。

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)

var (
	region         string
	tableBucketArn string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
}

func main() {
	flag.Parse()
	if len(tableBucketArn) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, table bucket arn required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := tables.NewTablesClient(cfg)

	result, err := client.DeleteTableBucketEncryption(context.TODO(), &tables.DeleteTableBucketEncryptionRequest{
		TableBucketARN: oss.Ptr(tableBucketArn),
	})

	if err != nil {
		log.Fatalf("failed to delete table bucket encryption %v", err)
	}

	log.Printf("delete table bucket encryption result:%#v\n", result)
}

Java

以下樣本展示了如何設定Bucket層級加密配置。

import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;

public class PutTableBucketEncryptionSample {

    public static void main(String[] args) throws Exception {
        String region = "cn-hangzhou";
        String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
        String sseAlgorithm = "AES256";

        try (OSSTablesClient client = OSSTablesClient.newBuilder()
                .credentialsProvider(new EnvironmentVariableCredentialsProvider())
                .region(region)
                .build()) {
            EncryptionConfiguration encryptionConfig = EncryptionConfiguration.newBuilder()
                    .sseAlgorithm(sseAlgorithm)
                    .build();

            PutTableBucketEncryptionRequest request = PutTableBucketEncryptionRequest.newBuilder()
                    .tableBucketARN(tableBucketARN)
                    .encryptionConfiguration(encryptionConfig)
                    .build();

            PutTableBucketEncryptionResult result = client.putTableBucketEncryption(request);

            System.out.printf("Status code:%d, request id:%s%n",
                    result.statusCode(), result.requestId());
            System.out.printf("Successfully updated table bucket encryption for ARN: %s%n", tableBucketARN);
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }
    }
}

以下樣本展示了如何查詢Bucket層級加密配置。

import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;

public class GetTableBucketEncryptionSample {

    public static void main(String[] args) throws Exception {
        String region = "cn-hangzhou";
        String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";

        try (OSSTablesClient client = OSSTablesClient.newBuilder()
                .credentialsProvider(new EnvironmentVariableCredentialsProvider())
                .region(region)
                .build()) {
            GetTableBucketEncryptionRequest request = GetTableBucketEncryptionRequest.newBuilder()
                    .tableBucketARN(tableBucketARN)
                    .build();

            GetTableBucketEncryptionResult result = client.getTableBucketEncryption(request);

            System.out.printf("Status code:%d, request id:%s%n",
                    result.statusCode(), result.requestId());
            if (result.encryptionConfiguration() != null) {
                System.out.printf("Encryption Algorithm: %s%n", result.encryptionConfiguration().sseAlgorithm());
                System.out.printf("Key ARN: %s%n", result.encryptionConfiguration().kmsKeyArn());
            } else {
                System.out.println("No encryption configuration found.");
            }
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }
    }
}

以下樣本展示了如何刪除Bucket層級加密配置。

import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;

public class DeleteTableBucketEncryptionSample {

    public static void main(String[] args) throws Exception {
        String region = "cn-hangzhou";
        String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";

        try (OSSTablesClient client = OSSTablesClient.newBuilder()
                .credentialsProvider(new EnvironmentVariableCredentialsProvider())
                .region(region)
                .build()) {
            DeleteTableBucketEncryptionRequest request = DeleteTableBucketEncryptionRequest.newBuilder()
                    .tableBucketARN(tableBucketARN)
                    .build();

            DeleteTableBucketEncryptionResult result = client.deleteTableBucketEncryption(request);

            System.out.printf("Status code:%d, request id:%s%n",
                    result.statusCode(), result.requestId());
            System.out.println("Encryption configuration deleted successfully.");
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }
    }
}

API

Table層級加密

控制台

建立Table時配置加密

  1. 登入OSS管理主控台,在左側導覽列選擇Table Bucket 列表

  2. 單擊目標Table Bucket名稱,在Table 列表頁簽中單擊建立 Table

  3. 在建立Table面板中,服務端加密方式欄位選擇不加密AES256

  4. 完成其他配置(命名空間、Table格式、資料表名稱、欄位資訊等)後,單擊確定

查看Table加密配置

Table詳情頁的基本資料地區查看服務端加密方式欄位,顯示當前Table的密碼編譯演算法。

ossutil

建立Table時指定加密(CreateTable)

ossutil tables-api create-table \
  --table-bucket-arn acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket \
  --namespace my_namespace \
  --name my_table \
  --format ICEBERG \
  --encryption-configuration '{"sseAlgorithm":"AES256"}' \
  --metadata '{"iceberg":{"schema":{"fields":[{"id":1,"name":"id","type":"long","required":true},{"id":2,"name":"data","type":"string"}]}}}'

查詢Table加密配置(GetTableEncryption)

ossutil tables-api get-table-encryption \
  --table-bucket-arn acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket \
  --namespace my_namespace \
  --name my_table

SDK

Python

建立Table時指定加密(CreateTable)

import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables

credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
cfg = oss.config.load_default()
cfg.credentials_provider = credentials_provider
cfg.region = 'cn-hangzhou'

client = oss_tables.Client(cfg)

# 定義Schema
schema = oss_tables.models.IcebergSchema(fields=[
    oss_tables.models.SchemaField(id=1, name='id', type='long', required=True),
    oss_tables.models.SchemaField(id=2, name='data', type='string'),
])
metadata = oss_tables.models.TableMetadata(
    iceberg=oss_tables.models.IcebergMetadata(schema=schema))

# 指定AES256加密
encryption = oss_tables.models.EncryptionConfiguration(sse_algorithm='AES256')

result = client.create_table(oss_tables.models.CreateTableRequest(
    table_bucket_arn='acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket',
    namespace='my_namespace',
    name='my_table',
    format='ICEBERG',
    metadata=metadata,
    encryption_configuration=encryption,
))
print(f'Table ARN: {result.table_arn}')

查詢Table加密配置(GetTableEncryption)

import argparse
import alibabacloud_oss_v2 as oss
import alibabacloud_oss_v2.tables as oss_tables

parser = argparse.ArgumentParser(description="get table encryption sample")
parser.add_argument('--region', help='The region in which the table bucket is located.', required=True)
parser.add_argument('--endpoint', help='The domain names that other services can use to access OSS Tables.')
parser.add_argument('--table-bucket-arn', help='The ARN of the table bucket.', required=True)
parser.add_argument('--namespace', help='The namespace of the table.', required=True)
parser.add_argument('--name', help='The name of the table.', required=True)

def main():
    args = parser.parse_args()

    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()

    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region
    if args.endpoint is not None:
        cfg.endpoint = args.endpoint

    client = oss_tables.Client(cfg)

    result = client.get_table_encryption(oss_tables.models.GetTableEncryptionRequest(
        table_bucket_arn=args.table_bucket_arn,
        namespace=args.namespace,
        name=args.name,
    ))

    print(f'status code: {result.status_code},'
          f' request id: {result.request_id}')

    if result.encryption_configuration:
        print(f'sse algorithm: {result.encryption_configuration.sse_algorithm},'
              f'key arn: {result.encryption_configuration.key_arn}')


if __name__ == "__main__":
    main()

Go

建立Table時指定加密(CreateTable)

package main

import (
	"context"
	"fmt"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)

func main() {
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion("cn-hangzhou")
	client := tables.NewTablesClient(cfg)

	result, err := client.CreateTable(context.TODO(), &tables.CreateTableRequest{
		TableBucketARN: oss.Ptr("acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket"),
		Namespace:      oss.Ptr("my_namespace"),
		Name:           oss.Ptr("my_table"),
		Format:         oss.Ptr("ICEBERG"),
		EncryptionConfiguration: &tables.EncryptionConfiguration{
			SseAlgorithm: oss.Ptr("AES256"),
		},
	})
	if err != nil {
		panic(err)
	}
	fmt.Printf("Table ARN: %s\n", *result.TableARN)
}

查詢Table加密配置(GetTableEncryption)

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/tables"
)

var (
	region         string
	tableBucketArn string
	namespace      string
	name           string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&tableBucketArn, "table-bucket-arn", "", "The arn of the table bucket.")
	flag.StringVar(&namespace, "namespace", "", "The name of the namespace.")
	flag.StringVar(&name, "name", "", "The name of the table.")
}

func main() {
	flag.Parse()
	if len(tableBucketArn) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, table bucket arn required")
	}

	if len(namespace) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, namespace name required")
	}

	if len(name) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, table name required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := tables.NewTablesClient(cfg)

	result, err := client.GetTableEncryption(context.TODO(), &tables.GetTableEncryptionRequest{
		TableBucketARN: oss.Ptr(tableBucketArn),
		Namespace:      oss.Ptr(namespace),
		Name:           oss.Ptr(name),
	})

	if err != nil {
		log.Fatalf("failed to get table encryption %v", err)
	}

	log.Printf("get table encryption result:%#v\n", result)
}

Java

建立Table時指定加密(CreateTable)

import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;

import java.util.ArrayList;
import java.util.List;

public class CreateTableSample {

    public static void main(String[] args) throws Exception {
        String region = "cn-hangzhou";
        String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
        String namespace = "my-namespace";
        String name = "my-table";
        String format = "iceberg";

        try (OSSTablesClient client = OSSTablesClient.newBuilder()
                .credentialsProvider(new EnvironmentVariableCredentialsProvider())
                .region(region)
                .build()) {
            // Create schema fields
            List<SchemaField> fields = new ArrayList<>();
            fields.add(SchemaField.newBuilder()
                .name("id")
                .type("long")
                .required(true)
                .build());
            fields.add(SchemaField.newBuilder()
                .name("name")
                .type("string")
                .required(false)
                .build());
            fields.add(SchemaField.newBuilder()
                .name("ts")
                .type("timestamptz")
                .required(false)
                .build());

            // Create schema
            IcebergSchema icebergSchema = IcebergSchema.newBuilder()
                .fields(fields)
                .build();

            // Create partition spec
            IcebergPartitionField partitionField = IcebergPartitionField.newBuilder()
                .sourceId(2)
                .transform("identity")
                .name("region")
                .fieldId(1001)
                .build();
            List<IcebergPartitionField> partitionFields = new ArrayList<>();
            partitionFields.add(partitionField);
            IcebergPartitionSpec partitionSpec = IcebergPartitionSpec.newBuilder()
                .specId(0)
                .fields(partitionFields)
                .build();

            // Create iceberg metadata
            IcebergMetadata icebergMetadata = IcebergMetadata.newBuilder()
                .schema(icebergSchema)
                .partitionSpec(partitionSpec)
                .build();

            // Set metadata
            TableMetadata metadata = TableMetadata.newBuilder()
                .iceberg(icebergMetadata)
                .build();

            // Add encryption configuration
            EncryptionConfiguration encryptionConfig = EncryptionConfiguration.newBuilder()
                .sseAlgorithm("AES256")
                .build();

            CreateTableRequest request = CreateTableRequest.newBuilder()
                    .tableBucketARN(tableBucketARN)
                    .namespace(namespace)
                    .name(name)
                    .format(format)
                    .metadata(metadata)
                    .encryptionConfiguration(encryptionConfig)
                    .build();

            CreateTableResult result = client.createTable(request);

            System.out.printf("Status code:%d, request id:%s%n",
                    result.statusCode(), result.requestId());
            System.out.printf("Created table with ARN: %s%n", result.tableARN());
            System.out.printf("Version token: %s%n", result.versionToken());
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }
    }
}

查詢Table加密配置(GetTableEncryption)

import com.aliyun.sdk.service.oss2.credentials.EnvironmentVariableCredentialsProvider;
import com.aliyun.sdk.service.oss2.tables.OSSTablesClient;
import com.aliyun.sdk.service.oss2.tables.models.*;

public class GetTableEncryptionSample {

    public static void main(String[] args) throws Exception {
        String region = "cn-hangzhou";
        String tableBucketARN = "acs:osstables:cn-hangzhou:1234567890:bucket/my-table-bucket";
        String namespace = "my-namespace";
        String name = "my-table";

        try (OSSTablesClient client = OSSTablesClient.newBuilder()
                .credentialsProvider(new EnvironmentVariableCredentialsProvider())
                .region(region)
                .build()) {
            GetTableEncryptionRequest request = GetTableEncryptionRequest.newBuilder()
                    .tableBucketARN(tableBucketARN)
                    .namespace(namespace)
                    .name(name)
                    .build();

            GetTableEncryptionResult result = client.getTableEncryption(request);

            System.out.printf("Status code:%d, request id:%s%n",
                    result.statusCode(), result.requestId());
            if (result.encryptionConfiguration() != null) {
                System.out.printf("SSE Algorithm: %s%n", result.encryptionConfiguration().sseAlgorithm());
                System.out.printf("Key ARN: %s%n", result.encryptionConfiguration().kmsKeyArn());
            }
        } catch (Exception e) {
            System.out.println("Error: " + e.getMessage());
        }
    }
}

API

  • 建立Table時指定加密:調用CreateTable介面通過encryptionConfiguration參數設定加密。

  • 查詢Table加密配置GetTableEncryption