This topic describes the terms used in KMS.

| Term | Full name | Definition |
| --- | --- | --- |
| KMS | Key Management Service | The key management service provided by Alibaba Cloud. |
| Envelope encryption | - | The practice of encrypting plaintext with a unique DK, which is then encrypted with a CMK. The EDK can be stored and transferred directly over unsecured communication channels. You retrieve the EDK only when you need it. |
| CMK | Customer Master Key | The master key created by a user in KMS. It is used to encrypt DKs and generate EDKs, as well as to encrypt small amounts of data. |
| EDK and DK | Enveloped Data Key and Data Key | The DK is the plaintext key used to encrypt data. The EDK is the ciphertext key (the encrypted DK) generated through envelope encryption. |
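
The envelope encryption flow defined in the table, shown as an added example that is not part of the original page or of Alibaba Cloud's code. `LocalKMS` is a hypothetical in-process stand-in for the KMS service, and AES-256-GCM from the third-party `cryptography` package is an assumed cipher choice; all function names are illustrative.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit GCM nonce, stored in front of each ciphertext


def seal(key, plaintext):
    """AES-256-GCM encrypt; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, None)


def unseal(key, blob):
    """Inverse of seal(); raises cryptography.exceptions.InvalidTag on tampering."""
    return AESGCM(key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], None)


class LocalKMS:
    """Hypothetical stand-in for the KMS service: the CMK never leaves this object."""

    def __init__(self):
        self._cmk = AESGCM.generate_key(bit_length=256)

    def generate_data_key(self):
        dk = AESGCM.generate_key(bit_length=256)   # unique DK per call
        return dk, seal(self._cmk, dk)             # (plaintext DK, EDK)

    def decrypt(self, edk):
        return unseal(self._cmk, edk)              # EDK -> plaintext DK


def envelope_encrypt(kms, plaintext):
    dk, edk = kms.generate_data_key()
    ciphertext = seal(dk, plaintext)  # bulk data is encrypted locally with the DK
    del dk                            # keep only the EDK next to the ciphertext
    return {"edk": edk, "ciphertext": ciphertext}


def envelope_decrypt(kms, envelope):
    dk = kms.decrypt(envelope["edk"])  # the only step that needs the CMK
    return unseal(dk, envelope["ciphertext"])


if __name__ == "__main__":
    kms = LocalKMS()
    env = envelope_encrypt(kms, b"constructed sample record")
    print(len(env["edk"]), envelope_decrypt(kms, env))
```

Only the EDK and the ciphertext are persisted; an envelope presented to a service holding a different CMK, or with a modified EDK, fails authentication instead of yielding a wrong key.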