Updated on 2024-05-30 GMT+08:00

Related Services

OBS

Object Storage Service (OBS) is a scalable service that provides secure, reliable, and cost-effective cloud storage for massive amounts of data. KMS provides central management and control capabilities of CMKs for OBS. It is used for server-side encryption with KMS-managed keys (SSE-KMS) on OBS.

EVS

Elastic Volume Service (EVS) offers scalable block storage for cloud servers. With high reliability, high performance, and rich specifications, EVS disks can be used for distributed file systems, development and test environments, data warehouse applications, and high-performance computing (HPC) scenarios to meet diverse service requirements. KMS provides central management and control capabilities of CMKs for EVS. It is used for encryption in EVS.

IMS

Image Management Service (IMS) allows you to manage the entire lifecycle of your images. KMS provides central management and control capabilities of CMKs for Image Management Service (IMS). It is used for private image encryption in IMS.

SFS

Scalable File Service (SFS) provides high-performance file storage (NAS) that can be expanded on demand. KMS provides central management and control capabilities of CMKs for SFS. It is used for file system encryption in SFS.

Relational Database Service (RDS) is a cloud database that is reliable, scalable, easy to manage, and immediately ready for use. KMS provides central management and control capabilities of CMKs for RDS. It is used for disk encryption in cloud databases.

ECS

An ECS is a basic computing component that consists of CPUs, memory, OS, and elastic volume service (EVS). After creating an ECS, you can use it like your local computer or physical server.

KPS manages key pairs of ECSs. The key pairs are used to authenticate users logging in to the ECSs.

Dedicated HSM can encrypt sensitive data in the service systems on your ECS. You can control the generation, storage, and access authorization of keys to ensure the integrity and confidentiality of data during transmission and storage.

DDS

Document Database Service (DDS) is a MongoDB-compatible database service that is secure, highly available, reliable, scalable, and easy to use. It provides DB instance creation, scaling, redundancy, backup, restoration, monitoring, and alarm reporting functions with just a few clicks on the DDS console. KMS provides central management and control capabilities of CMKs for DDS. It is used for disk encryption in DDS.

CTS

Cloud Trace Service (CTS) provides you with a history of DEW operations. After the CTS service is enabled, you can view all generated traces to review and audit performed KMS operations. For details, see the Cloud Trace Service User Guide.

Table 1 KMS operations recorded by CTS

Operation

Resource Type

Trace Name

Create a key

cmk

createKey

Create a DEK

cmk

createDataKey

Create a plaintext-free DEK

cmk

createDataKeyWithoutPlaintext

Enable a key

cmk

enableKey

Disable a key

cmk

disableKey

Encrypt a DEK

cmk

encryptDatakey

Decrypt a DEK

cmk

decryptDatakey

Schedule key deletion

cmk

scheduleKeyDeletion

Cancel scheduled key deletion

cmk

cancelKeyDeletion

Generate random numbers

rng

genRandom

Modify a key alias

cmk

updateKeyAlias

Modify key description

cmk

updateKeyDescription

Prompt risks about CMK deletion

cmk

deleteKeyRiskTips

Import key materials

cmk

importKeyMaterial

Delete key materials

cmk

deleteImportedKeyMaterial

Create a grant

cmk

createGrant

Retire a grant

cmk

retireGrant

Revoke a grant

cmk

revokeGrant

Encrypt data

cmk

encryptData

Decrypt data

cmk

decryptData

Add a tag

cmk

dealUnifiedTags

Delete a tag

cmk

dealUnifiedTags

Add tags in batches

cmk

dealUnifiedTags

Delete tags in batches

cmk

dealUnifiedTags

Enable key rotation

cmk

enableKeyRotation

Modify key rotation interval

cmk

updateKeyRotationInterval

Table 2 KMS operations recorded by CSMS

Operation

Resource Type

Trace Name

Create a secret

secret

createSecret

Update a secret

secret

updateSecret

Delete a secret

secret

forceDeleteSecret

Schedule the deletion of a secret

secret

scheduleDelSecret

Cancel the scheduled secret deletion

secret

restoreSecretFromDeletedStatus

Create a secret status

secret

createSecretStage

Update a secret status

secret

updateSecretStage

Delete a secret status

secret

deleteSecretStage

Create a secret version

secret

createSecretVersion

Download a secret backup

secret

backupSecret

Restore a secret backup

secret

restoreSecretFromBackupBlob

Update the secret version

secret

putSecretVersion

Start the secret rotation

secret

rotateSecret

Create a secret event

secret

createSecretEvent

Update a secret event

secret

updateSecretEvent

Delete a secret event

secret

deleteSecretEvent

Create a resource tag

secret

createResourceTag

Delete a resource tag

secret

deleteResourceTag

Table 3 KMS operations recorded by KPS

Operation

Resource Type

Trace Name

Create or import an SSH key pair

keypair

createOrImportKeypair

Delete an SSH key pair

keypair

deleteKeypair

Import a private key

keypair

importPrivateKey

Export a private key

keypair

exportPrivateKey

Bind an SSH key pair

keypair

bindKeypair

Unbind an SSH key pair

keypair

unbindKeypair

Clear private keys

keypair

clearPrivateKey

Table 4 KMS operations recorded by Dedicated HSM

Operation

Resource Type

Trace Name

Purchase an HSM instance

hsm

purchaseHsm

Configure an HSM instance

hsm

createHsm

Delete an HSM instance

hsm

deleteHsm

IAM

Identity and Access Management (IAM) provides the permission management function for DEW.

Only users who have KMS Administrator permissions can use DEW.

Only users who have the KMS Administrator and Server Administrator permissions can use the key pair function.

To apply for permissions, contact a user with Security Administrator permissions. For details, see the Identity and Access Management User Guide.