Help Center/ Data Encryption Workshop/ FAQs/ KMS Related/ How Are Default Keys Generated?
Updated on 2025-05-26 GMT+08:00

How Are Default Keys Generated?

A default key is automatically created by another cloud service using KMS, such as Object Storage Service (OBS). The alias of a default key ends with /default. Table 1 lists the default key aliases used by cloud services through KMS.

You can use the management console to query but cannot disable or schedule the deletion of Default Master Keys.

Default keys are hosted for free, and are charged based on the number of the API requests for them. If API requests exceed the free limit, the excess part will be charged.

For example, when you upload an object on OBS, enable Server-Side Encryption, and set Encryption Key Type to Default, OBS will use KMS to generate a default key whose alias is obs/default.

Figure 1 OBS default key
Table 1 Default master keys

Alias

Cloud Service

obs/default

Object Storage Service (OBS)

evs/default

Elastic Volume Service (EVS)

ims/default

Image Management Service (IMS)

vbs/default

Volume Backup Service (VBS)

sfs/default

Scalable File Service (SFS)

kps/default

Key Pair Service (KPS)

csms/default

Cloud Secret Management Service (CSMS)

dlf/default

DataArts Studio

dds/default

Document Database Service (DDS)

elb/default

Elastic Load Balance (ELB)

mkp/default

KooGallery

coc/default

Cloud Operations Center (COC)

cce/default

Cloud Container Engine (CCE)