All Products
Search
Document Center

Simple Log Service:UpdateLogStoreEncryption

Last Updated:Dec 16, 2024

Updates the encryption configuration of a Logstore. You can create encryption configurations for the Logstore and enable or disable the encryption feature.

Operation description

Limits

If you specify a data encryption method when you configure data encryption settings, you cannot switch to the other method after the configuration. In addition, you cannot change the encryption algorithm or the encryption type. You can only enable or disable the encryption feature by using the enable parameter. If you specify the encryption method by using the service key of Simple Log Service when you configure data encryption settings, you cannot switch to the encryption method by using Bring Your Own Key (BYOK) keys after the configuration.

Create encryption configurations

Encryption by using service keys

Simple Log Service is fully responsible for data encryption and key management. No additional operations are required. When you create encryption configurations for the Logstore, you must specify the enable and encryptType parameters.

Encryption by using BYOK keys

You must create a customer master key (CMK) in Key Management Service (KMS). Then, Simple Log Service encrypts logs by using the CMK. When you create encryption configurations for the Logstore, you must specify the enable, encryptType, and userCmkInfo parameters.

Enable or disable the encryption feature

After you create encryption configurations for the Logstore, you cannot modify the encryptType or userCmkInfo parameters. However, you can enable and disable the encryption feature by using the enable parameter.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

There is currently no authorization information disclosed in the API.

Request syntax

PUT /logstores/{logstore}/encryption HTTP/1.1

Request parameters

ParameterTypeRequiredDescriptionExample
projectstringYes

The Simple Log Service project.

test-project
logstorestringYes

The Logstore.

test-logstore
bodyobjectNo

The request struct.

enablebooleanYes

Specifies whether to enable the encryption feature. After you update the encryption configuration of the Logstore, you can modify only the enable parameter in subsequent update requests. You cannot modify the encryptType or userCmkInfo parameters.

true
encryptTypestringNo

The encryption algorithm. Valid values: default, m4, sm4_ecb, sm4_cbc, sm4_gcm, aes_ecb, aes_cbc, aes_cfb, aes_ofb, and aes_gcm.

default
userCmkInfoobjectNo

Optional. If you use a BYOK key to encrypt logs, you must specify this parameter. If you use the service key of Simple Log Service to encrypt logs, you do not need to specify this parameter.

keyIdstringNo

The ID of the CMK to which the BYOK key belongs. You can create a CMK in KMS. The CMK must be in the same region as the endpoint of Simple Log Service.

f5136b95-2420-ab31-xxxxxxxxx
roleArnstringNo

The Alibaba Cloud Resource Name (ARN) of the Resource Access Management (RAM) role.The value is in the acs:ram::12344***:role/xxxxx format. To use a BYOK key to encrypt logs, you must create a RAM role and grant the AliyunKMSReadOnlyAccess and AliyunKMSCryptoUserAccess permissions to the RAM role. You must grant the API caller the PassRole permission on the RAM role.

acs:ram::12344***:role/xxxxx
regionIdstringNo

The region ID. Example: cn-hangzhou.

cn-hangzhou

Response parameters

ParameterTypeDescriptionExample
headersobject
Serverstring

The name of the server.

nginx
Content-Typestring

The content type of the response body.

application/json
Content-Lengthstring

The content length of the response body.

0
Connectionstring

Indicates whether the connection is persistent. Valid values: close: The connection is non-persistent. A new TCP connection is established for each HTTP request. keep-alive: The connection is persistent. After a TCP connection is established, the connection remains open, and no more time or bandwidth is consumed to establish new connections.

close
Datestring

The time at which the response was returned.

Sun, 27 May 2018 08:25:04 GMT
x-log-requestidstring

The request ID.

5B0A6B60BB6EE39764D458B5

Examples

Sample success responses

JSONformat

{}

Error codes

HTTP status codeError codeError messageDescription
404ProjectNotExistThe Project does not exist: xxxx.The log entry does not exist.
404LogStoreNotExistlogstore xxxx does not exist.The Logstore does not exist.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-11-13Add OperationView Change Details