Introducing Alibaba Cloud Key Management Service (KMS)

This post is going to introduce Alibaba Cloud Key Management Service (KMS).

There is a Key Management Service (KMS) under Alibaba Eco system which providing comprehensive on-cloud data encryption solution that includes KMS and Cloud Hardware Security Module. This solution helps solve concerns such as data security, key security, key management, and secret management.

I would like to share KMS options, roadmap of KMS, cost model, as well as BYOK (Bring Your Own Key)!

KMS Options:

Alibaba Clooud offers Service-Managed Key, Shared KMS, KMS 2.0 & 3.0 so far

For Shared KMS, it is customer managed key (Master key per Account) which

• Shared HSM

• FIPS Comply

• Manual Key Rotation

• Integrated with Alibaba Cloud Service - ECS, RDS, OSS, NAS etc.

KMS 2.0 highlight:

There is a roadmap for KMS upgrade back to a year ago

• Shared KMS retired at the end of 2023 already

• More Flexibility with KMS 3.0

Support Dedicated/Shared HSM
Support Cross Account/VPC

• Upgrade from Shared KMS to KMS 3.0 involves resource re-deployment

KMS 3.0 cost model:

• Default Key Management: 1 free tier CMK (BYOK) per UID. This key is shared across VPC for cloud resource protection ( not app level api encryption)

• Software Key Management: 1 x USD 500 instance + USD 125 for additional VPC/UID

• This cost model is applicable to the public

• Email confirmation by Alibaba Cloud

GUI reference on KMS 3.0

You may also interest

Disclaimer: The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.

0 1 0

Share on

: Kidd Ip

26 posts | 4 followers
Follow

Community

Introducing Alibaba Cloud Key Management Service (KMS)

Read previous post:

Read next post:

Kidd Ip

You may also like

Comments

Kidd Ip

Related Products

Cloud Hardware Security Module (HSM)

Resource Management

Key Management Service

Security Center