This topic describes the terms used in KMS.
|KMS||Key Management Service||The key management service provided by Alibaba Cloud.|
|Envelope encryption||-||The practice of encrypting plaintext by using a unique DK, which is then encrypted with CMK. The EDK is stored and transferred directly over unsecured communication processes. You need to retrieve the EDK only when you need it.|
|CMK||Customer Master Key||The master key created by a user in KMS. It is used to encrypt DKs and generate EDKs, as well as to encrypt a small amount of data.|
|EDK and DK||Enveloped Data Key and Data Key||DK is the plaintext key used to encrypt data. EDK is the ciphertext key generated by using envelope encryption.|