If a dedicated Key Management Service (KMS) instance is in the Connected state, you can perform the following operations based on your business requirements: query the instance and reconnect it to or disconnect it from a hardware security module (HSM) cluster.

Query a dedicated KMS instance

You can query the ID or endpoint of a dedicated KMS instance, the virtual private cloud (VPC) in which the instance resides, and the HSM cluster of the instance based on your business requirements.

Each dedicated KMS instance provides an endpoint in the https://{service_id}.cryptoservice.kms.aliyuncs.com format. Example: https://kst-phzz6108e50c15333w****.cryptoservice.kms.aliyuncs.com.

  1. Log on to the KMS Console.
  2. In the upper-left corner of the page, select the region where you want to purchase a dedicated KMS instance.
    For more information about the regions that support dedicated KMS, see Supported regions.
  3. In the left-side navigation pane, click Dedicated KMS.
  4. Click the name of the dedicated KMS instance that you want to manage.
  5. In the Service Information section, view the details of the dedicated KMS instance.

Disconnect a dedicated KMS instance from an HSM cluster

If you want to connect a dedicated KMS instance to a different HSM cluster, you must disconnect the instance from the current HSM cluster.

  1. In the left-side navigation pane, click Dedicated KMS.
  2. Find the dedicated KMS instance that you want to manage and click Manage in the Actions column.
  3. Click Disconnect to the right of Dedicated HSM Cluster.
  4. In the Disconnect dialog box, click Disconnect.
    If the status of the HSM cluster changes to Not Connected, the dedicated KMS instance is disconnected from the HSM cluster.

Reconnect a dedicated KMS instance to the HSM cluster

If your dedicated KMS instance is configured and connected to an HSM cluster, you must reconnect the instance to the HSM cluster after you manually disconnect the instance. To reconnect the instance to the HSM cluster, you need only to configure the access credential and click Connect to HSM.

  1. In the left-side navigation pane, click Dedicated KMS.
  2. Find the dedicated KMS instance that you want to manage and click Connect in the Actions column.
  3. In the Connect to HSM dialog box, configure the Configure Access Credential parameter and click Connect to HSM.
    Wait a few minutes. If the status of the instance changes from Creating Connection to Connected, the HSM cluster is reconnected.