Key Management Service
Kingsoft Cloud Key Management Service (KKMS) is an easy-to-use service that can manage and secure keys. KKMS frees you from maintaining the confidentiality, integrity, and availability of keys so that you can focus more on data encryption and decryption functions.
Benefits
High Reliability
KKMS implements high reliability by using nationally certified third-party hardware security module (HSM) and a distributed system architecture.
Ease of Use
KKMS provides a unified and easy-to-use API that enables you to conveniently encrypt local data.
Cost Efficiency
You can adjust the number of created keys based on business needs, and are charged only for the actual number of keys you use. In addition, up to 20,000 free API calls are provided per month.
Features
Key Generation
You can create a customer master key (CMK) by using the KKMS console or API. You can use the CMK to encrypt data keys or data with a maximum size of 4 KB, such as passwords, certificates, and configuration files.
Key Management
KKMS allows you to enable or disable keys at any time, query key details, and modify information about keys.
Data Encryption
You can encrypt and decrypt sensitive data by using the KKMS console or API.
Envelope Encryption
KKMS provides envelope encryption to encrypt and decrypt a large amount of local data.
Scenarios
Data Encryption and Decryption Based on a CMK
Local Data Encryption and Decryption Based on Envelope Encryption
Data Encryption and Decryption Based on a CMK
Encrypt and decrypt HTTPS certificates for servers.
Use a CMK to Encrypt and Decrypt Data
Suitable for encryption and decryption of data with a maximum size of 4 KB. After user data is sent to KKMS through secure channels, KKMS encrypts and decrypts the data.
Local Data Encryption and Decryption Based on Envelope Encryption
Use envelope encryption to encrypt a large amount of data.
Use Envelope Encryption to Encrypt and Decrypt Local Data
Use KKMS to create a CMK, use the CMK to generate a data key, and then use the data key to encrypt and decrypt local data.
