Key Management Service (KMS) is a secure and easy-to-use management service provided by Alibaba Cloud. Through KMS, you no longer have to spend a great deal to protect the confidentiality, integrity, and availability of keys. You can use keys securely and conveniently, and focus on developing encryption/decryption function scenarios.
Major problems to resolve using KMS
| Role | Problem | How to resolve the problem using KMS |
|---|---|---|
| Application/Website developer | My program needs to use a key for encryption or a certificate for signature, and I hope the key is managed in a secure and independent manner. I hope I can safely access the key no matter where my application is deployed. I would never allow deploying the plaintext key randomly, which is too risky. | Through the envelop encryption technology, users can store the Customer Master Key (CMK) in KMS and deploy only the encrypted data key, and users can call KMS to decrypt the data key only when they need to use it. |
| Service developer | I do not want to be responsible for the security of users’ keys and data. I hope users can manage their keys by themselves and I can use specified keys to encrypt their data with their authorization. In this way, I can devote all energy to developing service functions. | Based on the envelop encryption technology and the open APIs of KMS, service developers can use specified CMKs to encrypt and decrypt data keys, easily satisfying the requirement of not storing the plaintext directly in a storage device; therefore, service developers do not need to worry about how to manage users’ keys. |
| Chief Security Officer (CSO) | I hope the key management of my company can meet compliance requirements. I need to ensure that keys are reasonably authorized and any use of keys must be audited. | KMS can be associated with RAM for unified authorization management. |