Simple Log Service allows you to use Key Management Service (KMS) to encrypt data that is stored. This way, data is stored in a secure manner. Simple Log Service provides encrypted transmission based on the SSL or TLS protocol to protect data from potential security risks on the cloud.
Server-side encryption
Simple Log Service supports the following encryption types:
Encryption by using service keys
Log service generates an independent service key for each Logstore. The service key never expires.
Simple Log Service supports the Advanced Encryption Standard (AES) encryption algorithm.
Encryption by using Bring Your Own Key (BYOK) keys
You can create a CMK in the KMS console and grant the relevant permissions to Simple Log Service. When Simple Log Service calls a KMS API operation, this CMK is used to create a key that is used to encrypt data. If the CMK is deleted or disabled, the corresponding BYOK key becomes invalid.
ImportantIf the CMK created in the KMS console becomes invalid, all read and write requests to the Logstore fail.
For more information, see Encrypt data.
Encrypted transmission based on SSL or TLS
Simple Log Service can be accessed over HTTP or HTTPS. SSL or TLS is a Layer 4 protocol that helps ensure data privacy and data integrity between two applications.
Encrypted transmission based on Logtail
Logtail is an agent that is used by Simple Log Service to collect logs. To prevent your data from being tampered with during transmission, Logtail uses the HTTPS method to obtain private tokens from the server and signs all data packets that are used to send logs.
Encrypted transmission based on SDKs
Simple Log Service provides SDKs in multiple programming languages, such as Java, Python, .NET, PHP, and C. This helps you use Simple Log Service in an efficient manner. Simple Log Service SDKs allow you to use the HTTPS method to read data from and write data to Simple Log Service.