Key Management Service:Billing of KMS 1.0

Billable items

Billing method: Pay-as-you-go

The fees for KMS include key hosting fees and API call fees.

• Key hosting fees

  You are not charged for customer master keys (CMKs) in the Pending Deletion state. The following billing rules apply to CMKs that are not in the Pending Deletion state.

  Key creator	Billable item	Unit price in public cloud regions (USD/day)
  Alibaba Cloud service	Key version of a service key	0.0
  User	Key version of a software-protected key	0.002
  	Key version of a basic hardware-protected key	0.033
  	Key version of an advanced hardware-protected key	For the first 2,000 key versions: 0.083 Proportion for versions greater than 2000: 0.033

• API call fees

  You are charged only for calling cryptographic operations. For more information about cryptographic operations, see Cryptographic operations.

  Key type	Unit price in public cloud regions in the Chinese mainland (USD/10,000 calls)	Unit price in public cloud regions outside the Chinese mainland (USD/10,000 calls)
  Service key	0	0
  Basic key (software-protected and hardware-protected)	0.08	0.03
  Advanced key (software-protected and hardware-protected)	0.24	0.15

Billing examples

• Billing example 1: Disk encryption

  Assume that you create 250 encrypted disks per month in the Singapore region and use one customer master key (CMK) to encrypt the disks.

  • Fee breakdown

    • One CMK

      Note

      The CMK can be a service key or a user-created hardware-protected key.

    • 750 API calls: Creating an encrypted disk requires creating a data key and then encrypting and decrypting it. This process requires approximately three API calls per disk.

  • Estimated monthly cost

    Fee	Service key (USD)	User-created hardware-protected key (USD)
    Key hosting	0	1
    API calls	0	0.002 (0.03 × 750 / 10,000)
    Total	0	1.002

• Billing example 2: OSS client-side encryption

  Assume that you use one CMK for client-side envelope encryption of objects in the Singapore region. You upload 10,000 encrypted objects and read the encrypted objects 2,000,000 times per month.

  • Fee breakdown

    • One CMK (subject to key hosting fees)

    • 10,000 API calls to create data keys (1 call × 10,000 objects)

    • 2,000,000 API calls for decryption

  • Estimated monthly cost

    Fee	User-created hardware-protected key (USD)
    Key hosting	1
    API calls	6.03 (0.03 × 2,010,000 / 10,000)
    Total	7.03

• Billing example 3: Signature application

  Assume that you use one CMK of the EC_P256 key spec to sign files 100,000 times in the Singapore region.

  • Fee breakdown

    • One CMK (subject to key hosting fees)

    • 100,000 API calls for signing

  • Estimated monthly cost

    Fee	User-created hardware-protected key (USD)
    Key hosting	2.49
    API calls	1.50 (0.15 × 100,000 / 10,000)
    Total	3.99

Overdue payments

• An overdue payment occurs if the available balance in your account, including cash and coupons, is insufficient to pay your outstanding bills. During the overdue period, you are not charged for KMS 1.0.

• The service is suspended immediately after an overdue payment occurs. Your keys and credentials in KMS 1.0 are retained, but your access to KMS is denied.

• After your account has an overdue payment, top up your account promptly to ensure a sufficient balance and prevent service interruptions.

Resource usage and bills

You can query and export the usage and bills for KMS in Expenses and Costs.

Stop billing

You are no longer charged after you delete all key resources from your Alibaba Cloud account.

KMS only lets you schedule key deletions. After you schedule a key for deletion, the key enters the Pending Deletion state. In this state, the key is no longer billed. You cannot use it to encrypt, decrypt, sign, verify signatures, or generate data keys. After the scheduled deletion period ends, the key is deleted and cannot be recovered. For more information, see Schedule a key for deletion.