Security and Compliance
KMS uses third-party certified hardware security modules (HSMs) to generate and protect keys. The security and quality control practices adopted by KMS are accredited by multiple compliance schemes. The creation, management, and other operations of your master keys are performed in the compliant HSM.
High availability
Ensuring the continuous availability of critical keys serves as the cornerstone of business continuity. Tencent Cloud KMS employs a three-layer architectural design to achieve high availability across multiple Availability Zones (AZs) in terms of key storage, encryption operations, and service access, effectively mitigating risks associated with single points of failure:
Cross-AZ Redundancy for Key Data: Your keys and their critical information are automatically backed up in encrypted form across multiple AZs located in different physical locations. Even if a single AZ fails, the backups in other AZs keep the keys secure and available, so encryption and decryption operations for your business continue uninterrupted.
Cross-AZ Deployment of Encryption Machine Clusters: The underlying hardware encryption machines (HSMs) responsible for encryption operations are distributed across multiple data centers. In the event of a failure in one AZ, the system swiftly redirects encryption tasks to healthy encryption machines in other AZs, ensuring the stable operation of encryption services.
High Availability of Service Access Points Across AZs: The cloud API access points and control nodes of KMS are also deployed across multiple AZs. If an issue arises in one AZ, client requests are automatically redirected to service nodes in other AZs, guaranteeing uninterrupted access to the management interface and APIs.
Centralized key management
KMS can be called and integrated through APIs, SDKs, and connected Tencent Cloud products to centrally manage the key policies of your business applications inside and outside Tencent Cloud.
Cost Controllability
Pay-as-you-go KMS can be deployed quickly at the click of a button. Tencent Cloud covers all backend maintenance, eliminating your need to purchase any dedicated hardware encryption devices.
Simplified encryption service
The KMS Ultimate Edition protects keys with envelope encryption and uses the Encryption SDK to encapsulate the complex key management. To encrypt or decrypt massive amounts of data, you only need to call the encryption/decryption APIs and maintain permission control over the CMK.