Overview

Product Overview

Features

Product Strengths

Use Cases

Concepts

Product Introduction

Billing Overview

Purchase Method

Payment Overdue

Purchase Guide

Getting Started

Creating a Key

Viewing keys

Editing Key

Enabling/Disabling Key

Key Rotation

Encryption and Decryption

Deleting Key

Key Management

Managing Sub-account

Creating Access Control Policy

Access Control

Operations Logged by CloudAudit

Viewing Audit Logs

Audit

Console Guide

Operation Overview

Creating Key

Viewing Key

Asymmetric key decryption

 TCCLI Management Guide 

Encrypting/Decrypting Sensitive Data

 Envelope Encryption/Decryption

Symmetrical Encryption and Decryption

Asymmetric Data Encryption and Decryption

Asymmetric Signature Verification

Asymmetric Encryption and Decryption

Post-Quantum Cryptography Practice In KMS

Operation Guide

 Importing External Key

Implementing Exponential Backoff to Deal with Service Frequency

Practical Tutorial

History

Introduction

API Category

Request Structure

Common Params

Signature v3

Signature

Responses

Making API Requests

UpdateKeyDescription

UpdateAlias

ReEncrypt

ListKeys

ListKeyDetail

GetServiceStatus

GetKeyRotationStatus

GenerateDataKey

Encrypt

EnableKeys

EnableKeyRotation

EnableKey

DisableKeys

DisableKeyRotation

DisableKey

DescribeKeys

DescribeKey

Decrypt

CreateKey

ScheduleKeyDeletion

ImportKeyMaterial

GetParametersForImport

GenerateRandom

DeleteImportedKeyMaterial

CancelKeyDeletion

ListAlgorithms

UnbindCloudResource

BindCloudResource

GetRegions

CancelKeyArchive

ArchiveKey

PostQuantumCryptoEncrypt

PostQuantumCryptoDecrypt

Key APIs

GetPublicKey

AsymmetricSm2Decrypt

AsymmetricRsaDecrypt

VerifyByAsymmetricKey

SignByAsymmetricKey

PostQuantumCryptoVerify

PostQuantumCryptoSign

Asymmetric Key APIs

Data Types

Error Codes

API documentation

Service Level Agreement

FAQs

General

FAQS

Privacy Policy

Data Processing And Security Agreement

KMS Policy

Contact Us

Glossary

Key Management Service

Sensitive information encryption is a core capability of KMS, which is mainly used to protect small pieces of sensitive data (less than 4 KB) such as keys, certificates, and configuration files. A CMK is used to encrypt sensitive data instead of storing it in plaintext. During decryption, the data ciphertext is decrypted to the memory, so that the plaintext does not get stored in the disk. HTTPS requests are used in the entire interaction and transfer process, ensuring the security of sensitive data.

If you need to use KMS for high-performance encryption/decryption of massive amounts of data, please see 

https://intl.cloud.tencent.com/document/product/1030/31976

In this scenario, sensitive data is encrypted/decrypted through a CMK, which is protected by a third-party certified hardware security module (HSM). The CMK performs encryption/decryption inside the HSM, and any unauthorized party, including Tencent Cloud, has no access to the CMK in plaintext.

Permission control: Fully integrated with CAM, KMS can control which accounts have access to your CMK through identity and policy management.

Built-in audit: KMS is integrated with CloudAudit to record all API requests for detailed statistics of key management activities and key usage, ensuring that all data operations can be traced and audited.

Integrated key management: KMS enables centralized management of keys from various applications.

Security and compliance: KMS leverages a State Cryptography Administration of China or FIPS-140-2 certified hardware security module (HSM) to generate and protect keys, thereby ensuring their confidentiality, integrity, and availability.

Sensitive data encryption: KMS supports encryption/decryption of small pieces of sensitive data (less than 4 KB), such as keys, certificates, and configuration files.

Tencent Cloud API authentication mainly relies on 

, which are your unique credentials. Tencent Cloud's service systems need such credentials to call Tencent Cloud APIs.

It is recommended to use a sub-account and manage risks by means of API authorization as needed.

Data has already encrypted through sensitive data encryption. To ensure data security, please make sure that the original plaintext data is deleted.

tencent cloud