Simple Log Service lets you encrypt data at rest by using Key Management Service (KMS), so that stored data is protected. It also supports encrypted transmission over SSL or TLS to protect data from potential security risks in the cloud.
Server-side encryption
Simple Log Service supports the following encryption types:
Encryption by using service keys
Log Service generates an independent data encryption key for each Logstore. The service key never expires.
The supported data encryption algorithms are AES (default) and SM4.
Encryption by using Bring Your Own Key (BYOK) keys
You can create a customer master key (CMK) in the KMS console and grant the relevant permissions to Log Service. When Log Service calls a KMS API operation, this CMK is used to create a key that encrypts data. If the CMK is deleted or disabled, the corresponding BYOK key becomes invalid.
Important
If the CMK created in the KMS console becomes invalid, all read and write requests to the Logstore fail.
For more information, see Encrypt data.
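Because a deleted or disabled CMK makes every read and write on a BYOK Logstore fail, it is worth checking Logstore encryption settings against CMK state on a schedule. The following is an added example, not code from the original page or from Alibaba Cloud; the field names, the key state strings, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# ASSUMED field names (logstoreName, encrypt_conf, enable, encrypt_type,
# user_cmk_info, cmk_key_id) and key states; none of them come from the page.
ORDER = {"critical": 0, "warn": 1, "ok": 2}

@dataclass
class Finding:
    logstore: str
    mode: str      # "none", "service-key" or "byok"
    severity: str  # "critical", "warn" or "ok"
    detail: str

def audit_logstore(cfg, cmk_states):
    """Classify one Logstore config against the current state of its CMK."""
    name = cfg["logstoreName"]
    enc = cfg.get("encrypt_conf") or {}
    if not enc.get("enable"):
        return Finding(name, "none", "warn", "server-side encryption is off")
    cmk = (enc.get("user_cmk_info") or {}).get("cmk_key_id")
    if not cmk:  # no customer key: the per-Logstore service key is used
        algo = enc.get("encrypt_type", "default")
        return Finding(name, "service-key", "ok", f"service key, type={algo}")
    # A key ID missing from the state map is modelled as a deleted CMK.
    state = cmk_states.get(cmk, "Deleted")
    if state != "Enabled":
        return Finding(name, "byok", "critical",
                       f"CMK {cmk} is {state.lower()}: reads and writes will fail")
    return Finding(name, "byok", "ok", f"CMK {cmk} is enabled")

def audit(configs, cmk_states):
    """Return findings for all Logstores, most severe first."""
    found = [audit_logstore(c, cmk_states) for c in configs]
    return sorted(found, key=lambda f: (ORDER[f.severity], f.logstore))

def byok(name, key_id):  # helper that builds a constructed BYOK config
    return {"logstoreName": name, "encrypt_conf": {
        "enable": True, "user_cmk_info": {"cmk_key_id": key_id}}}

SAMPLE_LOGSTORES = [  # constructed sample data, not real resources
    byok("app-audit", "key-example-0001"),
    byok("payments", "key-example-0002"),
    byok("legacy", "key-example-0003"),
    {"logstoreName": "web-access", "encrypt_conf": {"enable": True, "encrypt_type": "sm4"}},
    {"logstoreName": "debug"},
]
SAMPLE_CMK_STATES = {"key-example-0001": "Enabled", "key-example-0002": "Disabled"}

if __name__ == "__main__":
    print(*audit(SAMPLE_LOGSTORES, SAMPLE_CMK_STATES), sep="\n")
```

In practice the two inputs would come from your own inventory of Logstore settings and KMS key states; critical findings are the Logstores that are already failing or will fail on the next request.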
Encryption in transit based on SSL or TLS
Simple Log Service can be accessed over HTTP or HTTPS. SSL or TLS is a Layer 4 protocol that ensures data privacy and integrity between two applications.
Encrypted transmission based on Logtail
Logtail is the agent that Log Service uses to collect logs. To prevent data tampering during transmission, Logtail obtains private tokens from the server over HTTPS and signs all data packets used to send logs.
Encrypted transmission based on SDKs
Simple Log Service provides SDKs in multiple programming languages, such as Java, Python, .NET, PHP, and C, to help you use the service efficiently. These SDKs support reading data from and writing data to Simple Log Service over HTTPS.