Updated on 2023-04-27 GMT+08:00

Related Services

OBS

Object Storage Service (OBS) is a scalable service that provides secure, reliable, and cost-effective cloud storage for massive amounts of data. KMS provides central management and control capabilities of CMKs for OBS. It is used for server-side encryption with KMS-managed keys (SSE-KMS) on OBS.

EVS

Elastic Volume Service (EVS) offers scalable block storage for cloud servers. With high reliability, high performance, and rich specifications, EVS disks can be used for distributed file systems, development and test environments, data warehouse applications, and high-performance computing (HPC) scenarios to meet diverse service requirements. KMS provides central management and control capabilities of CMKs for EVS. It is used for encryption in EVS.

IMS

Image Management Service (IMS) allows you to manage the entire lifecycle of your images. KMS provides central management and control capabilities of CMKs for IMS. It is used for private image encryption in IMS.

ECS

An Elastic Cloud Server (ECS) is a basic computing component that consists of CPUs, memory, an OS, and Elastic Volume Service (EVS) disks. After creating an ECS, you can use it like your local computer or physical server.

KPS manages key pairs of ECSs. The key pairs are used to authenticate users logging in to the ECSs.

Dedicated HSM can encrypt sensitive data in the service systems on your ECS. You can control the generation, storage, and access authorization of keys to ensure the integrity and confidentiality of data during transmission and storage.

DDS

Document Database Service (DDS) is a MongoDB-compatible database service that is secure, highly available, reliable, scalable, and easy to use. It provides DB instance creation, scaling, redundancy, backup, restoration, monitoring, and alarm reporting functions with just a few clicks on the DDS console. KMS provides central management and control capabilities of CMKs for DDS. It is used for disk encryption in DDS.

CTS

Cloud Trace Service (CTS) provides you with a history of DEW operations. After the CTS service is enabled, you can view all generated traces to review and audit performed KMS operations. For details, see the Cloud Trace Service User Guide.

Table 1 DEW operations supported by CTS

| Operation | Resource Type | Trace Name |
|---|---|---|
| Creating a CMK | cmk | createKey |
| Creating a DEK | cmk | createDataKey |
| Creating a plaintext-free DEK | cmk | createDataKeyWithoutPlaintext |
| Enabling a CMK | cmk | enableKey |
| Disabling a CMK | cmk | disableKey |
| Encrypting a DEK | cmk | encryptDatakey |
| Decrypting a DEK | cmk | decryptDatakey |
| Scheduling the deletion of a CMK | cmk | scheduleKeyDeletion |
| Canceling the scheduled deletion of a CMK | cmk | cancelKeyDeletion |
| Generating random numbers | rng | genRandom |
| Changing the alias of a CMK | cmk | updateKeyAlias |
| Changing the description of a CMK | cmk | updateKeyDescription |
| Prompting risks about CMK deletion | cmk | deleteKeyRiskTips |
| Importing key material | cmk | importKeyMaterial |
| Deleting key material | cmk | deleteImportedKeyMaterial |
| Creating a grant | cmk | createGrant |
| Retiring a grant | cmk | retireGrant |
| Revoking a grant | cmk | revokeGrant |
| Encrypting data | cmk | encryptData |
| Decrypting data | cmk | decryptData |
| Adding a tag | cmk | createKeyTag |
| Deleting a tag | cmk | deleteKeyTag |
| Adding or deleting tags in batches | cmk | batchCreateKeyTags |
| Batch deleting tags | cmk | batchDeleteKeyTags |
| Enabling key rotation | cmk | enableKeyRotation |
| Modifying key rotation interval | cmk | updateKeyRotationInterval |
| Disabling key rotation | cmk | disableKeyRotation |
| Creating a secret | csms | createSecret |
| Updating a secret | csms | updateSecret |
| Deleting a secret | csms | forceDeleteSecret |
| Schedule the deletion of a secret | csms | scheduleDelSecret |
| Canceling the scheduled deletion of a secret | csms | restoreSecretFromDeletedStatus |
| Creating a secret status | csms | createSecretStage |
| Updating a secret status | csms | updateSecretStage |
| Deleting a secret status | csms | deleteSecretStage |
| Creating a secret version | csms | createSecretVersion |
| Downloading secret backup | csms | backupSecret |
| Restoring secret backup | csms | restoreSecretFromBackupBlob |
| Creating or importing an SSH key pair | keypair | createOrImportKeypair |
| Deleting an SSH key pair | keypair | deleteKeypair |
| Importing a private key | keypair | importPrivateKey |
| Exporting a private key | keypair | exportPrivateKey |
| Purchasing an HSM instance | hsm | purchaseHsm |
| Configuring an HSM instance | hsm | createHsm |
| Deleting an HSM instance | hsm | deleteHsm |
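
An added example, not part of the original documentation: one way to review exported CTS traces for Table 1 operations that remove or weaken keys, secrets, or key pairs and were not undone later in the same window. The record field names, the sample traces, and the choice of which trace names count as sensitive are assumptions of this example; only the trace names and resource types come from Table 1.

```python
# Table 1 trace name -> resource type, for operations that remove or weaken
# protection. Treating these as "sensitive" is this example's assumption.
SENSITIVE = {
    "disableKey": "cmk", "scheduleKeyDeletion": "cmk",
    "deleteImportedKeyMaterial": "cmk", "disableKeyRotation": "cmk",
    "revokeGrant": "cmk", "forceDeleteSecret": "csms",
    "scheduleDelSecret": "csms", "exportPrivateKey": "keypair",
    "deleteKeypair": "keypair", "deleteHsm": "hsm",
}

# Table 1 trace names that reverse an earlier sensitive operation
# on the same resource.
UNDO = {
    "cancelKeyDeletion": "scheduleKeyDeletion",
    "enableKey": "disableKey",
    "enableKeyRotation": "disableKeyRotation",
    "restoreSecretFromDeletedStatus": "scheduleDelSecret",
}

def open_sensitive_ops(traces):
    """Return (resource_id, trace_name, user) for every sensitive operation
    that is still in effect at the end of the trace window."""
    pending = {}  # (resource_id, trace_name) -> latest matching trace
    # Same-format ISO 8601 UTC timestamps sort correctly as strings.
    for t in sorted(traces, key=lambda r: r["time"]):
        name, rid = t["trace_name"], t["resource_id"]
        if SENSITIVE.get(name) == t["resource_type"]:
            pending[(rid, name)] = t
        elif name in UNDO:
            pending.pop((rid, UNDO[name]), None)
    still_open = sorted(pending.values(), key=lambda r: r["time"])
    return [(t["resource_id"], t["trace_name"], t["user"]) for t in still_open]

# Constructed sample traces (hypothetical layout, users and resource IDs).
SAMPLE = [
    {"time": "2023-04-20T08:00:00Z", "user": "ops-a", "resource_type": "cmk",
     "resource_id": "key-1", "trace_name": "scheduleKeyDeletion"},
    {"time": "2023-04-20T08:05:00Z", "user": "ops-b", "resource_type": "cmk",
     "resource_id": "key-1", "trace_name": "cancelKeyDeletion"},
    {"time": "2023-04-20T09:00:00Z", "user": "ops-a", "resource_type": "cmk",
     "resource_id": "key-2", "trace_name": "disableKeyRotation"},
    {"time": "2023-04-20T09:10:00Z", "user": "ops-c", "resource_type": "keypair",
     "resource_id": "kp-1", "trace_name": "exportPrivateKey"},
    {"time": "2023-04-20T09:20:00Z", "user": "ops-a", "resource_type": "cmk",
     "resource_id": "key-2", "trace_name": "encryptData"},
]

if __name__ == "__main__":
    for finding in open_sensitive_ops(SAMPLE):
        print(finding)
```
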

IAM

Identity and Access Management (IAM) provides the permission management function for DEW.

Only users who have KMS Administrator permissions can use DEW.

Only users who have the KMS Administrator and Server Administrator permissions can use the key pair function.

To apply for permissions, contact a user with Security Administrator permissions. For details, see the Identity and Access Management User Guide.