Help Center/ Data Encryption Workshop/ FAQs/ KMS Related/ What Is a Customer Master Key?

Updated on 2024-09-29 GMT+08:00

View PDF

What Is a Customer Master Key?

A Customer Master Key (CMK) is a Key Encryption Key (KEK) created by a user on KMS. It is used to encrypt and protect DEKs. One CMK can be used to encrypt one or more DEKs.

CMKs are categorized into custom keys and default keys.

Custom keys
Keys created or imported by users on the KMS console.

Default keys

When a user uses KMS for encryption in a cloud service for the first time, the cloud service automatically creates a key with the alias suffix /default.

You can use the management console to query but cannot disable or schedule the deletion of Default Master Keys.

**Table 1** Default Master Keys
Alias	Cloud Service
obs/default	Object Storage Service (OBS)
evs/default	Elastic Volume Service (EVS)
ims/default	Image Management Service (IMS)
kps/default	Key Pair Service (KPS)
csms/default	Cloud Secret Management Service (CSMS)

Parent topic: KMS Related

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel