Functions
KMS is a secure, reliable, and easy-to-use cloud service that helps you create, manage, and protect keys.
It uses Hardware Security Modules (HSMs) to protect keys. All keys are protected by root keys in HSMs to avoid key leakage. The HSMs meet the FIPS 140-2 Level 3 security requirements.
It also controls access to keys and records all operations on keys in traceable logs. In addition, it provides usage records for all keys, meeting your audit and regulatory compliance requirements.
Key Lifecycle Management
KMS allows you to manage the lifecycle of keys, including creating, viewing, enabling, and disabling a key, as well as scheduling and canceling the deletion of a custom key.
For details about key management types and key algorithms supported by KMS, see KMS Overview.
Data Encryption and Decryption
KMS allows you to encrypt and decrypt small data (no larger than 4 KB) as well as large data. For details, see Using KMS for Encryption.
Signature and Verification
Signing and verification is a cryptographic mechanism that ensures the security and integrity of transmitted data, preventing information from being tampered with or forged during transmission. This function can be called only through an API.
Key Alias
An alias is a short name for a user key and serves as an identifier of the key. You can use the alias as the key ID when calling APIs. The original key alias is not used as the key name.
Key Tags
Tags are used to identify keys. You can add tags to custom keys to classify and track custom keys and summarize the usage of custom keys by tag.
Key Rotation
KMS provides key rotation. You can rotate keys periodically to improve the security of your keys and service data. By default, automatic key rotation is disabled for a custom key. Every time you enable key rotation, KMS automatically rotates custom keys based on the rotation period you set.
Key Grant
You can create a grant for other IAM users or accounts. You can create a maximum of 100 grants for a custom key.
Multi-Region Keys
You can create a replica key across regions. A replica key is the key generated by replicating the master key in DEW. The replica key and the master key share the same key material. The replica key can be used for cross-region data encryption and decryption. Replication provides flexibility and high availability in DEW, but requires proper management to ensure security and compliance.
Hardware True Random Number Generation
A hardware true random number generator is a device that generates true random numbers through physical processes instead of computer programs. You can generate random numbers ranging from 8 bits to 8,192 bits by calling APIs.