Key Management Service (KMS) is a secure and easy-to-use management service provided by Alibaba Cloud. With KMS, you will no longer have to spend excessively to protect the confidentiality, integrity, and availability of keys. Instead, KMS securely and conveniently manages your keys, allowing you to focus more on developing encryption/decryption function scenarios.
|Role||Problem||How to use KMS to resolve problems|
|Application/Website developer||My program needs to use a key for encryption or a certificate for signature, and I need the key to be securely and independently managed. I need secure access to the key no matter where my application is deployed, and I would never deploy the plaintext key randomly, because it is too risky.||Through the envelop encryption technology, users can store the Customer Master Key (CMK) in KMS and deploy only the encrypted data key. Additionally, users can call KMS to decrypt the data key only when it is needed.|
|Service developer||I do not want to be responsible for the security of users’ keys and data. I need users to personally manage their keys, while I can use specified keys to encrypt their data with their authorization. In this way, I can concentrate on developing service functions.||Based on the envelop encryption technology and the open APIs of KMS, service developers can use specified CMKs to encrypt/decrypt data keys. This easily satisfies the requirement of not storing the plaintext directly in a storage device. Therefore, service developers do not need to worry about how to manage users’ keys.|
|Chief Security Officer (CSO)||I need the key management of my company to meet compliance requirements. I must make sure that keys are reasonably authorized and any use of keys must be audited.||KMS can be associated with RAM for unified authorization management.|