Document Center

All Products

Document Center

Key Management Service:Release notes

Last Updated:Mar 20, 2026

This topic describes the release notes for Key Management Service (KMS).

Image version	Change type	Description	Release date	Region	References
dkms-3.9.0	New feature	Supports access and authentication for Instance Gateway OpenAPI's GenerateDataKey and Decrypt operations in Trusted Computing Environments (TCE).	2026-01-13	All regions	Policy condition keys
dkms-3.9.0	Optimization	API compatibility: Instance SDK now supports asymmetric key rotation.	2026-01-13	All regions	None
dkms-3.8.0	New feature	Hardware instances now support manual backup.	2026-01-06	All regions	Backup management
dkms-3.7.0	New feature	International hardware instances support asymmetric BYOK. Supports migration of international single-version keys to hardware instances.	2025-12-09	International regions	Migration steps
dkms-3.6.2	Optimization	Supports Strict Mode for resource policy authentication.	2025-10-28	All regions	Policy condition keys
dkms-3.6.1	Optimization	Resolved backup issues for single-owner scenarios.	2025-10-09	All regions	None
dkms-3.6.0	New feature	Instance sharing now supports Independent Ownership mode. Software instances support multi-version BYOK.	2025-09-12	All regions	Share KMS instances across multiple accounts
dkms-3.5.0	New feature	Supports migration of multi-version symmetric keys to hardware instances in the Chinese mainland regions.	2025-08-13	US regions	Migration steps
dkms-3.4.0	New feature	New instances in US regions exclusively support TLSv1.2.	2025-08-06	All regions	N/A
dkms-3.3.0	New feature	Hardware instances in China support key rotation.	2025-08-12	All regions	Migration steps
dkms-3.3.0	Optimization	Fixed session issues for international hardware instances.	2025-08-12	All regions	Migration steps
dkms-3.2.2	New feature	Software key management instances support creating asymmetric keys with the RSA-4096 specification.	Jun 18, 2025	All regions	Understanding KMS keys
dkms-3.2.0	Optimization	Improves secret retrieval performance by caching secrets in ciphertext in the Redis database.	Feb 19, 2025	All regions	None
dkms-3.1.0	Optimization	Supports dynamic awareness of HSM cluster changes for data synchronization after cluster scale-out.	Jan 7, 2025	All regions	Purchase and enable a KMS instance
dkms-3.0.0	New feature	When performing cryptographic operations, you can use the Alibaba Cloud SDK to call OpenAPI through a dedicated gateway.	Dec 23, 2024	All regions	Alibaba Cloud SDK
dkms-2.9.0	Optimization	KMS security hardening.	Oct 31, 2024	All regions	None
dkms-2.8.0	New feature	KMS 1.0 will enter the End of Full Support (EoFS) phase on March 30, 2025, at 00:00:00 (GMT+8) and End of Service (EOS) phase on September 30, 2025, at 00:00:00 (GMT+8). To ensure your business is not impacted, migrate KMS 1.0 resources to KMS 3.0 instances as soon as possible.	Sep 25, 2024	All regions	Migrate KMS 1.0 resources to KMS 3.0 instances
dkms-2.7.0	New feature	Events for secret rotation, scheduled deletion, and actual deletion will be delivered to Cloud Monitor.	Jun 3, 2024	All regions	Alert events

January-June 2024

June 2024

Feature overview	Release date	Region	References
Data Management (DMS) supports logging on to databases using KMS secrets.	Jun 3, 2024	All regions	Integrate ApsaraDB RDS secrets into DMS
KMS software key management instances support the free automatic backup feature.	May 10, 2024	All regions	Backup management

May 2024

Feature overview	Release date	Region	References
KMS software key management instances support BYOK keys.	May 9, 2024	All regions	Import symmetric key material Import asymmetric key material
KMS adds external key management instances that support HYOK keys.	Apr 29, 2024	All regions	Manage external keys

April 2024

Feature overview	Release date	Region	References
KMS adds external key management instances that support HYOK keys.	Apr 29, 2024	All regions	Manage external keys
KMS supports cross-region synchronization of keys in KMS instances.	Apr 11, 2024	All regions	Cross-region synchronization

March 2024

Feature overview	Release date	Region	References
KMS supports resource-based access control policies. You can attach policies to resources such as keys or secrets to control which Alibaba Cloud accounts, RAM users, and RAM roles can access or perform operations on the resources.	Mar 20, 2024	All regions	Key policies Secret policies

January-December 2023

December 2023

Feature overview	Release date	Region	References
The SecretType parameter is provided when you call the ListSecrets operation.	Dec 27, 2023	All regions	ListSecrets
The Thailand (Bangkok) region is supported.	Dec 27, 2023	Thailand (Bangkok)	Regions and zones

November 2023

Feature overview	Release date	Region	References
Integration with Cloud Monitor (CMS) adds alert settings. System events can be monitored and alerted.	Nov 24, 2023	All regions	Alert events

October 2023

Feature overview	Release date	Region	References
Integration with Simple Log Service (SLS) supports storing and query analysis of access logs for the data plane of KMS instances for nearly 180 days.	Oct 30, 2023	All regions	Overview of Simple Log Service Use Simple Log Service Log field details

September 2023

Feature overview	Release date	Region	References
KMS instances support the generation of asymmetric data key pairs.	Sep 25, 2023	All regions	GenerateDataKeyPair GenerateDataKeyPairWithoutPlaintext AdvanceGenerateDataKeyPair AdvanceGenerateDataKeyPairWithoutPlaintext

August 2023

Feature overview	Release date	Region	References
KMS instances support dual-zone deployment to improve service availability and disaster recovery capabilities.	Aug 11, 2023	All regions	Purchase and activate KMS instances

July 2023

Feature overview	Release date	Region	References
Computing performance of 10,000 and 20,000 QPS is supported for KMS instances of the software key management type.	Jul 28, 2023	All regions	Performance data
The China (Chengdu) region is supported.	Jul 28, 2023	China (Chengdu)	Regions and zones

June 2023

Feature overview	Release date	Region	References
KMS supports access to Alibaba Cloud Tag Service. Note You can add tags to multiple keys or secrets at a time compared with the original tag feature of KMS.	Jun 20, 2023	China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Chengdu), China (Hong Kong), Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Germany (Frankfurt), UK (London), US (Silicon Valley), US (Virginia), Philippines (Manila), and Thailand (Bangkok)	TagResources UntagResources ListTagResources
Symmetric keys in KMS instances of the software key management type can be rotated.			Key rotation
Keys and secrets in KMS instances of the software key management type can be backed up and restored.			Backup management

April 2023

Feature overview	Release date	Region	References
A KMS instance can be shared across multiple Alibaba Cloud accounts for server-side encryption in Alibaba Cloud services by using the resource sharing feature.	Apr 20, 2023	China (Hangzhou), China (Shanghai), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Chengdu), China (Hong Kong), Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Germany (Frankfurt), UK (London), US (Silicon Valley), US (Virginia), Philippines (Manila), and Thailand (Bangkok)	Share KMS instances across multiple accounts

March 2023

Feature overview	Release date	Region	References
A new version of the KMS console is released. You can create and manage software-protected keys, hardware-protected keys, and default keys. You can also create and manage secrets.	Mar 16, 2023	All regions	What is Key Management Service Overview of Key Management Service Overview of Secrets Manager

January-December 2022

No feature releases.

2021 and earlier

October 2021

Feature overview	Release date	Region	References
The Philippines (Manila) region is supported.	Oct 1, 2021	Philippines (Manila)	None

September 2021

Feature overview	Release date	Region	References
KMS supports Dedicated KMS Standard Edition	Sep 5, 2021	China (Hangzhou), China (Shanghai), China (Beijing), China (Shenzhen), China (Hong Kong), Malaysia (Kuala Lumpur), and Singapore	Overview of Dedicated KMS Standard Edition Manage Dedicated KMS Standard Edition instances Manage application endpoints Dedicated KMS SDK

August 2021

Feature overview	Release date	Region	References
KMS supports dynamic RAM secrets	Aug 13, 2021	All regions	Overview of dynamic RAM secrets Managed secret plug-in for Alibaba Cloud SDKs

January 2021

Feature overview	Release date	Region	References
KMS supports dynamic ApsaraDB RDS secrets. New APIs: RotateSecret and UpdateSecretRotationPolicy.	Jan 4, 2021	All regions	Overview of dynamic ApsaraDB RDS secrets Secrets Manager JDBC client RotateSecret UpdateSecretRotationPolicy

October 2020

Feature overview	Release date	Region	References
An API operation is supported to activate KMS. New APIs: OpenKmsService and DescribeAccountKmsStatus.	Oct 20, 2020	All regions	OpenKmsService DescribeAccountKmsStatus

July 2020

Feature overview	Release date	Region	References
KMS supports cross-system exchange, re-encryption, and cross-region import and export of data keys. New APIs: GenerateDataKeyWithoutPlaintext, GenerateAndExportDataKey, ExportDataKey, and ReEncrypt. KMS is available in the China (Guangzhou) region.	Jul 7, 2020	All regions	GenerateDataKeyWithoutPlaintext GenerateAndExportDataKey ExportDataKey ReEncrypt

February 2020

Feature overview	Release date	Region	References
The Secrets Manager feature of KMS is released. API operations are added to support the Secrets Manager feature. KMS is available in the China (Ulanqab) and China (Heyuan) regions.	Feb 24, 2020	All regions	Overview of Secrets Manager Overview of generic secrets Manage generic secrets Rotate a generic secret

December 2019

Feature overview	Release date	Region	References
KMS supports asymmetric keys. New APIs: AsymmetricEncrypt, AsymmetricDecrypt, AsymmetricSign, AsymmetricVerify, and GetPublicKey.	Dec 13, 2019	All regions	Overview of asymmetric keys Asymmetric data encryption and decryption Asymmetric Digital Signatures

November 2019

Feature overview	Release date	Region	References
A hardware security module (HSM) cluster can be used to store keys in instances of the hardware key management type. HSMs meet the regulatory requirements of State Cryptography Administration (SCA).	Nov 18, 2019	China (Beijing) and China (Shanghai)	KMS hardware key management instances support HSMs

September 2019

Feature overview	Release date	Region	References
Each customer master key (CMK) can have multiple versions. Automatic rotation of CMKs is supported. New APIs: UpdateKeyDescription and GenerateDataKeyWithoutPlaintext.	Sep 24, 2019	All regions	Automatic rotation of keys

July 2019

Feature overview	Release date	Region	References
A HSM cluster can be used to store keys in instances of the hardware key management type.	Jul 31, 2019	Singapore and China (Hong Kong)	KMS hardware key management instances support HSMs

May 2019

Feature overview	Release date	Region	References
Key tags and tag-based authentication are supported.	May 1, 2019	All regions	TagResource Use RAM to implement access control on resources

July 2018

Feature overview	Release date	Region	References
ActionTrail is supported.	Jul 24, 2018	All regions	Use ActionTrail to query the operations of Key Management Service

March 2018

Feature overview	Release date	Region	References
API operations are added to support Bring Your Own Key (BYOK). API operations are added to support CMK aliases. KMS is available in the following regions: Indonesia (Jakarta), US (Virginia), and US (Silicon Valley).	Aug 30, 2018	All regions	Import key material

November 2017

Feature overview	Release date	Region	References
KMS is available in the following regions: China (Qingdao), China (Hohhot), and Malaysia (Kuala Lumpur).	Nov 15, 2017	China (Qingdao), China (Hohhot), and Malaysia (Kuala Lumpur)	None

June 2017

Feature overview	Release date	Region	References
New API: DescribeRegions. The KMS SDK version is updated to V2.4.0.	Jun 5, 2017	All regions	DescribeRegions

May 2017

Feature overview	Release date	Region	References
KMS is available for commercial use at the China site (aliyun.com) on April 25, 2017. KMS is available in the China (Zhangjiakou) region.	May 10, 2017	All regions	None

March 2017

Feature overview	Release date	Region	References
Performance optimization.	Mar 1, 2017	All regions	None

January 2017

Feature overview	Release date	Region	References
KMS is available in the China (Hong Kong) region.	Jan 22, 2017	China (Hong Kong)	None

November 2016

Feature overview	Release date	Region	References
KMS is available in the following regions: Japan (Tokyo), Germany (Frankfurt), and UAE (Dubai).	Nov 29, 2016	Japan (Tokyo), Germany (Frankfurt), and UAE (Dubai)	None

September 2016

Feature overview	Release date	Region	References
New APIs related to key deletion: ScheduleKeyDeletion and CancelKeyDeletion.	Sep 20, 2016	All regions	ScheduleKeyDeletion CancelKeyDeletion

August 2016

Feature overview	Release date	Region	References
The EncryptionContext parameter can be configured in the Encrypt and Decrypt API operations.	Aug 10, 2016	All regions	Description of EncryptionContext

June 2016

Feature overview	Release date	Region	References
A CMK can be enabled or disabled.	Jun 22, 2016	All regions	Create a CMK

May 2016

Feature overview	Release date	Region	References
KMS is available in the following regions: China (Beijing), China (Shanghai), and China (Shenzhen).	May 19, 2016	China (Beijing), China (Shanghai), and China (Shenzhen)	None

April 2016

Feature overview	Release date	Region	References
KMS is released.	Apr 6, 2016	All regions	What is Key Management Service