The following table describes the APIs that you can call in different scenarios.
|Customer master key (CMK)||CMK management||Manages a CMK throughout its lifecycle and queries information about a CMK.||KMS API||None.|
|Key version management||Rotates CMKs and queries the versions of CMKs.|
|Alias management||Manages an alias throughout its lifecycle and queries information about an alias.
An alias is an independent object in KMS. An alias must be bound to a unique CMK.
You can set the
|Cryptographic operation||Uses keys to perform cryptographic operations, such as data encryption and decryption.||
|Secrets Manager||Secrets management||Manages and protects sensitive data by using secrets and provides secret distribution and rotation capabilities.||KMS API||None.|
|Certificates Manager||Certificate management||Allows you to create, delete, and update a certificate, and query the information about a certificate. Allows you to generate and verify a signature.|
|Others||Tag management||Manages the tag that is associated with a resource throughout the lifecycle of the tag and queries the tags of a specified resource.|
|Common operations||Activates KMS and queries the status of KMS and available regions.|