Key Management Service

A secure, easy-to-use key management service for encrypted data

Get Consultant

Overview

Benefits

Features

Scenarios

Overview

 

Key Management Service (KMS) is a comprehensive security management solution designed to simplify the creation and administration of cryptographic keys, ensuring the confidentiality, integrity, and availability of sensitive data. It effectively addresses key management and compliance requirements across diverse applications and business environments.

Benefits

measurable optimization

Security and Compliance

KMS utilizes a certified third-party hardware security module (HSM) for the generation and safeguarding of keys. It employs secure data transfer protocols, distributed clustered service deployment, and hot backup to ensure uninterrupted availability. The security measures and quality control standards adhered to by KMS are endorsed by numerous compliance frameworks.

secure

Rich function

The Key Management Service offers an array of robust management functionalities, encompassing key creation, activation, deactivation, rotation configurations, alias management, key details viewing, and related information modification.

high stability

Seamless Integration with Cloud Services

KMS offers seamless integration with various Cloud services including COS, CloudDB for MySQL, and CBS, allowing users to effectively manage their keys using KMS.

easy management

Easy Management

The KMS console seamlessly integrates with CAM and Cloud Monitor, facilitating effortless key creation for access control. Additionally, all management operations and key usage are meticulously logged for comprehensive monitoring and auditing.

low cost

Low Costs

The pay-as-you-go KMS can be swiftly deployed with a simple click, allowing for rapid implementation. The cloud service handles all backend maintenance, eliminating the need for investing in dedicated hardware encryption devices and enabling businesses to concentrate entirely on their developmental endeavors.

data synchronization

Supports External Key Import

KMS enables the encryption and decryption of sensitive data using a customized key through the implementation of the Bring Your Own Key (BYOK) solution.

Features

Managed Key Services

KMS offers an extensive array of management functionalities, encompassing key creation, activation, deactivation, rotation settings, alias assignment, key details viewing, and relevant information modification. This empowers users to efficiently generate and safeguard keys.

Rich function

KMS includes a feature for rotating customer master keys (CMKs), which is initially deactivated but can be enabled as required. When enabled, CMK rotation occurs once annually.

Permission Control

Seamlessly integrated with CAM, KMS offers comprehensive control over the access and management of sensitive keys, allowing precise regulation of accounts and roles through identity and policy management.

Built-in Audit

KMS seamlessly incorporates Audit functionality to meticulously document all API requests, providing comprehensive logs of key management operations and key utilization.

Scenarios

Sensitive Data Encryption

Envelope Encryption

Bring Your Own Key

Encryption of sensitive information stands as a fundamental feature of KMS, primarily employed to safeguard confidential data (under 4 KB in size) stored on server disks, including keys, certificates, and configuration files.

Envelope encryption stands as an efficient encryption and decryption method, particularly suited for handling extensive volumes of data. Utilizing envelope encryption within KMS streamlines the process by transferring only the data encryption keys (DEKs) to the KMS server, which are encrypted and decrypted using the Customer Master Key (CMK). Subsequently, all data undergoes processing with efficient local symmetric encryption, ensuring minimal disruption to user access.

The Bring Your Own Key (BYOK) solution enables the utilization of custom keys for encrypting and decrypting sensitive data stored in the Cloud. With BYOK implementation, you can create a Customer Master Key (CMK) devoid of key material, subsequently importing your own key to establish an external CMK. This external CMK can then be effectively managed and distributed alongside KMS.

Compute

Cloud Virtual Machine

A secure, stable, and highly flexible computing service

Cloud Lighthouse

A new-gen cloud server service for SMEs and developers

Cloud Bare Metal

Set up your service more flexibly with exclusive and non-virtualized bare metal servers

Cloud GPU Service

A high-density computing server with graphics processing capabilities

CVM Dedicated Host

A physically isolated computing service with exclusive resources

Auto Scaling

An efficient and cost-effective computing resource management policy

Batch Compute

An efficient and cost-effective computing resource management policy

Cloud Automation Tools

Efficient and secure native Ops and deployment tool

Edge Computing

Edge Computing Machine

Distributed low-latency elastic computing resources close to users

Container

Kubernetes Engine

A scalable and high-performing container management service

Kubernetes Engine for Serverless

A secure, elastic, and cost-effective serverless Kubernetes service

Cloud Mesh

Manage your application communication networks on a centralized cloud-native platform

Distributed Cloud

Cloud Dedicated Zone

Deploy dedicated resources on the data center as required by the customer

Edge Zone

Low-delay, wide-coverage, and low-cost edge cloud computing services

Microservice

Cloud Elastic Microservice

A secure, reliable, and highly elastic serverless microservice platform

Serverless

Serverless Cloud Function

A secure and efficient serverless function computing platform

Serverless Application Center

One-stop serverless application development service

EventBridge

A secure and efficient event management platform

Essential Storage Service

Cloud Object Storage

A highly available, reliable, and scalable object storage service

Cloud File Storage

A secure and scalable file sharing and storage solution

Cloud Block Storage

A reliable, scalable, and persistent block storage service

Data Migration

Migration Service Platform

A service platform enabling quick and convenient system migration

Data Process and Analysis

Cloud Infinite

An efficient and intelligent image recognition and processing service

Cloud Log Service

A one-stop logging solution for log collection, search and analysis

Relational Database

Cloud Native Database TDSQL-C

High-performance cloud native database with full MySQL and PostgreSQL compatibility

CloudDB for MySQL

A high-performance, reliable, and flexible database hosting service

CloudDB for MariaDB

A community-driven open-source database

CloudDB for PostgreSQL

An open-source database supporting geospatial data processing

CloudDB for SQL Server

A genuinely licensed SQL Server database in the cloud

NoSQL Database

CloudDB for Redis

A high-performance, low-latency, and scalable Redis database

CloudDB for MongoDB

A high-performance distributed MongoDB database

CloudDB for TcaplusDB

A high-performance distributed NoSQL data storage service

CloudDB for Tendis

A Redis-compatible elastic KV storage service

CloudDB for CTSDB

A powerful, distributed, and scalable time series database in the cloud

CloudDB for Graph Database

A one-stop database service for storage, computation, and visual analysis of massive amounts of graph data

Cloud VectorDB

Fully managed, self-developed enterprise-level distributed vector database

Enterprise Distributed DBMS

ADSQL for MySQL

A high-performance database featuring automated sharding

ADSQL-A for PostgreSQL

An online real-time data warehouse service featuring high performance, scalability, security, and cost effectiveness

ADSQL-H LibraDB

A stable, efficient, and out-of-the-box HTAP database

Database SaaS Tool

Data Transfer Service

A seamless data transfer and migration service with no downtime

Database Expert Service

Professional and efficient database service

Database Management Center

Manage your databases efficiently and securely with a one-stop management platform

CloudDB for DBbrain

A cloud database autonomous service for database performance optimization

Networking

Virtual Private Cloud

An isolated and secure virtual private network in Cloud

Cloud Load Balancer

A secure, stable and elastically scalable traffic distribution service

Direct Connect

A dedicated network with low latency for optical fiber communications

Cloud Connect Network

A fast and easy service to interconnect resources on and off cloud

Elastic Network Interface

A multi-ENI hot swap service for CVM

NAT Gateway

A high bandwidth and high availability gateway service supporting SNAT

Peering Connection

A cross-regional network connection service for data synchronization

Flow Logs

A full-time, full-process, and non-intrusive traffic collection service

Anycast Internet Acceleration

An IP Anycast service that optimizes Internet access

Bandwidth Package

A multi-IP aggregated billing method that reduces Internet access costs

VPN Connection

An easy to build network-based IPsec-encrypted tunneling service

CDN and Edge platform

Cloud EdgeOne

Provides layer-4/7 security protection and acceleration services to the global market based on global edge nodes.

Enterprise Content Delivery Network

A one-stop acceleration service for dynamic and hybrid resources.

Content Delivery Network

A fast, stable, intelligent, and secure content delivery service

Global Application Acceleration Platform

A high-speed network connection service for application acceleration.

Secure Content Delivery Network

A content delivery network integrated with multiple security protection capabilities

Global Office Access

Quick and secure access to organizational resources from any network

Network Security

Anti-DDoS Advanced

A protection solution against high-traffic DDoS attacks for services in and outside the cloud

Anti-DDoS Pro

A convenient anti-DDoS service for cloud-based businesses

Cloud Firewall

Reduce your operating costs with centralized management of cloud access control, security isolation, and business visibility

Anti-DDoS

A reliable system that offers DDoS protection solutions to different industries

Data Security

Data Security Governance Center

DSGC provides cloud native data security services

Bastion Host

Cloud resource security operation and maintenance gateway

Key Management Service

A secure, easy-to-use key management service for encrypted data

Secrets Manager

A simple, stable, and secure credential management service

Application Security

Web Application Firewall

A one-stop intelligent security protection platform for website services

Vulnerability Scan Service

Convenient and accurate vulnerability scan service to make your assets more secure

Mobile Security

A stable and effective mobile application security service

Anti-Cheat Expert

A professional mobile game security solution empowering games

T-Sec WeTest Game Quality Monitoring

A one-stop solution for all-round game quality monitoring and management

Endpoint Security

Cloud Workload Protection Platform

Protect your servers with the all-around security services

Container Security Service

ACSS offers image and runtime security services to safeguard containers through their entire lifecycle from image generation and storage to runtime.

Business Security

Captcha

All-around CAPTCHA verification services

Text Moderation System

Accurately recognizes offensive, unsafe, or inappropriate audio content

Image Moderation System

Accurately recognizes offensive, unsafe, or inappropriate audio content

Audio Moderation System

Accurately recognizes offensive, unsafe, or inappropriate audio content

Video Moderation System

Detects pornographic and other non-compliant content in videos

Customer Identity Access Management

Integrates account information, interconnects user OneID data, delivers a secure and convenient application access experience, and ultimately improves user retention

Risk Control Engine

Real-Time protection against account and payment frauds

Security Services

Penetration Testing Service

Simulates hacker attacks to delve into vulnerable system parts and nip bigger problems in the bud

Security Management

Cloud Security Center

Cloud's native security management platform

Domains & Websites

Domains

A leading domain registrar offering comprehensive domain registration and management services

SSL Certificate Service

A one-stop digital certificate management service

Private DNS

A secure, stable, and efficient private DNS service

HTTPDNS

A secure, stable, and efficient mobile DNS service to avoid domain name hijacking and cross-network access problems caused by local DNS

DNSPod

Provides fast, stable, and highly available DNS services

Office Collaboration

VooV Meeting

VooV Meeting enables online collaborations.

Cloud Enterprise Drive

A secure and efficient enterprise collaboration platform

Enterprise Applications

Ecard

Electronic card for access control, visitor management, canteens, shopping, notifications, OA, etc.

Data Analysis

Elastic MapReduce

A secure and flexible cloud-hosted Hadoop service

Elasticsearch Service

A ready-to-use cloud-based Elasticsearch service

Cloud Data Warehouse

A simple and easy-to-use ClickHouse hosting service in the cloud

Cloud Data Warehouse for PostgreSQL

A convenient and cost-effective in-cloud data warehousing service

Data Lake Compute

A next-gen cloud-native agile data lake analysis service

Stream Compute Service

A cloud-based streaming data aggregation and computing service

Image Recognition

Analysis Platform for Pneumonia CT Image

A chest CT image analysis and research platform

Face Recognition

Face Recognition

Accurate and real-time facial detection, analysis, recognition, and search services

eKYC

Verify user identities via secure face recognition service

Voice Technology

Text To Speech

An intelligent service that provides lifelike speech synthesis

Automatic Speech Recognition

A highly cost-effective speech recognition service with a high recognition accuracy and wide applicability

AI Platform Service

Cloud TI Platform

A one-stop machine learning service platform for AI engineers

Cloud AI Digital Human

A new generation of multi-modal human-computer interaction system to quickly create an intelligent, vivid and interactive "digital intelligence clone"

Intelligent Music Solution

Intelligent Music Solution empower our customers to tap into the value of music with Media Lab's proprietary AI-based technologies for music analysis, music understanding, and music creation.

Natural Language Processing

Machine Translation

Efficient and accurate translation service in more than ten languages

Optical Character Recognition

Optical Character Recognition

A precise, fast and versatile image and text recognition service

Internet of Things

IoT Hub

A cloud solution that helps developers quickly build IoT applications

Message Queue

TDMQ for CKafka

A high-performance and reliable Kafka-compatible messaging system

TDMQ for RocketMQ

Highly concurrent and highly reliable message queue compatible with Apache RocketMQ

TDMQ for RabbitMQ

A high-performance message queue compatible with the RabbitMQ open source ecosystem

TDMQ for Pulsar

Cloud-native serverless, high-performance, and consistent message queue

TDMQ for CMQ

The original Cloud CMQ, a high-performance message queuing service

Middleware

API Gateway

A full lifecycle management API hosting service

Communication

Chat

A communication service supporting one-to-one chat, group chat, chat room, system notification, and other messaging capabilities

Short Message Service

A fast, stable, and easy-to-use messaging service with global reachability

Push Notification Service

A reliable and fast push notification service with high delivery rate

Cloud Contact Center

Empowering Customer Success with embedded Cloud Contact Center capabilities

Simple Email Service

A secure, stable, and simple email push service

Interactive Video Services

Alto Real-Time Communication (ARTC)

Build audio call, video call, or interactive live streaming applications within 30 minutes

Low-Code Interactive Classroom

Quickly set up your cross-platform interactive classroom in 15 minutes to provide highly stable and cost-effective online interactive classroom services for your school or enterprise

Stream Services

StreamLive

A broadcast-grade live video streaming service

StreamPackage

A stable, secure, and effective media packaging service

StreamLink

A fast and reliable real-time video transport service for global users

Cloud Streaming Services

A fast, stable, and professional cloud-based live streaming services

Media On-Demand

Video on Demand

A one-stop media transcoding and distribution platform

VOD On EdgeOne

Flexible VOD solution

Media Process Services

Media Processing Service

A professional and versatile multimedia processing service

Media SDK

Mobile Live Video Broadcasting

A quick integration solution to push and pull live streams on mobile devices

User Generated Short Video SDK

Create short video mobile applications easily

Effect SDK

An advanced video processing solution with beauty filters and stickers

Cloud Real-time Rendering

Cloud Application Rendering

Move your application to the cloud for real-time rendering and streaming so your users can use it through web pages, apps, or other devices

Game Services

Game Multimedia Engine (GME)

A one-stop gaming voice solution that is easy to integrate

Game Video Service

Game Video Transcoder

Flexible and easy-to-use video transcoding and compression service

Game Video Processor

A human visual standard-based game video processing platform

Game Video Analyzer

A smart video content analysis system for content categorization and highlights generation

Education Services

iHearing Oral Evaluation

Supports oral English and Chinese evaluation with great adaption to the pronunciation characteristics in Asia Pacific

Interactive Whiteboard

A real-time, smooth, and feature-rich online interactive whiteboard service

Blockchain Service

Cloud Blockchain RPC

A high-performance blockchain RPC service

Building Services

Cloud Weiling

An IoT operating system well adapted to smart building scenarios

Instavue Smart Video Analysis System

Integrates IoT technology and AI smart vision capabilities to help accurately tap into the value of massive videos

Cloud Resource Management

API

Access Cloud resources quickly via APIs

Cloud Command Line Interface

Quickly call Cloud APIs to manage your cloud resources

Cloud Infrastructure as Code (IC)

An efficient and secure infrastructure management platform

Smart Advisor

An out-of-the-box cloud resource risk assessment service

Infrastructure Automation for Terraform

Manage Cloud resources securely and efficiently

Control Center

Set up a landing zone to centrally manage all of your enterprise accounts.

Management and Audit Tools

Cloud Access Management

A convenient and secure permission and user management service

CloudAudit

A logging and tracking service for Cloud resource operations

Cloud Organization

Centrally manage multiple accounts with user-based permissions

Developer Tools

CODING Code Repositories

A secure, fast, and convenient Git/SVN code repository service

CODING Project Management

A PM tool and service for agile and fast iteration

CODING Test Management

An agile testing method for better test-R&D collaboration

CODING Continuous Integration

A cloud-based code build service for Java, Python, and more

CODING Artifact Repositories

An efficient management service for artifacts after code compilation

CODING Continuous Deployment

A continuous, controllable, and automated deployment of artifacts

Mobile Framework

One-stop mobile development and operation platform

Cloud Mini Program Platform

One-stop development, placing small programs into enterprise-owned APPs

Monitor and Operation

Cloud Observability Platform

A cloud resource data monitoring platform for intelligent data analysis

Managed Service for Prometheus

A lightweight, stable, and highly available managed Prometheus service

Application Performance Management

Monitor your application performance in real time with a scalable and cost-effective management service

Real User Monitoring

A real user experience monitoring service for web and mini program frontends

Cloud Managed Service for Grafana

Secure, stable, low-cost, and highly scalable managed Grafana service

Cloud Automated Testing

A globally deployed real user performance test service

Education

Cloud Online Education Solutions

Versatile solutions for supporting diverse online education scenarios

Gaming

Gaming Solution

A comprehensive solution to help you build your cloud gaming platform

Game Media Solutions

A one-stop toolkit for gaming videos

Financial Services

Financial Services Solution

Integrated full-process fintech solutions designed for various digital transformation scenarios

Audio & Video

Audio/Video Solution

A one-stop video solution for all your cloud media applications

LVB Recording Solution

A solution for on-cloud recording, content production, and video distribution

Interactive Classroom Solution

Offers a one-stop online education solution

Interactive Live Streaming Solution

Covers various low-latency live video streaming use cases such as anchor competition and interactive live streaming

Audio Chat Social Networking Solution

Provides a one-stop "real-time audio interaction" solution

Real Estate

Cloud LinkBase (Weiling)

An IoT building operating system well adapted to smart building scenarios