Introduction

Last updated: 2026-03-18 14:14:00

Overview

Key Management Service (KMS) is a security management service for creating and managing keys while protecting their confidentiality, integrity, and availability. It covers the key management needs of multiple applications and businesses while meeting compliance requirements.
This section describes the KMS APIs, all of which are API 3.0 interfaces.
You can call the APIs to perform KMS operations such as creating keys, enabling key rotation, generating data keys, and updating ciphertext. For details on each interface, see the API overview.
Before using the APIs, make sure you fully understand the KMS product, how to use it, and its pricing.

Glossary

The following table lists common terms used in the KMS APIs:

| Term | Description |
| --- | --- |
| KMS | Key Management Service (KMS) is a security management service that lets you easily create and manage keys, ensuring their confidentiality, integrity, and availability. It meets the key management needs of users across multiple applications and businesses while meeting compliance requirements. |
| CMK | The root key (CMK) is a master key kept by Tencent Cloud. The master key is protected by a third-party certified hardware security module (HSM) and is used to encrypt and decrypt sensitive data such as passwords, certificates, and data keys for business operations. You can create and manage CMKs through the console and API. |
| DEK | The data key (DEK) is the key used to encrypt business data and is protected by the master key. It can be customized or created through the Tencent Cloud Key Management Service (KMS) API. |
| Cloud product key | A CMK automatically created for the user when Tencent Cloud products (such as CBS, COS, and TDSQL) call Key Management Service. |
| Symmetric key | Symmetric encryption and decryption uses a single-key cryptographic system, where the same key is used for both encryption and decryption. |
| Asymmetric key | Asymmetric encryption requires two keys that form a pair: a public key and a private key. The sender uses the public key to encrypt data, and only the receiver can decrypt it with the corresponding private key. Conversely, the sender can use the private key to sign confidential information, and the receiver verifies the signature using the corresponding public key. |
| White-box key | A key secured by white-box cryptography, used to protect sensitive root key information on the terminal, such as API SecretKey, authentication keys or tokens for internal system usage, and other locally stored sensitive root key information. |
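
The CMK and DEK entries above describe envelope encryption: the root key protects data keys, and data keys encrypt business data. The following added example (not Tencent Cloud code) simulates that flow locally in Node.js; the in-process `CMK`, all function names, the key ID, and the choice of AES-256-GCM with the key ID as associated data are assumptions made for illustration.

```javascript
// Added example: envelope encryption with a CMK and a DEK, simulated locally.
// The "CMK" is a random in-process key standing in for the HSM-protected
// root key; a real CMK never leaves KMS. All function names are hypothetical.
const crypto = require('crypto');

const CMK = crypto.randomBytes(32); // stand-in for the root key held by KMS

// AES-256-GCM seal: returns nonce || tag || ciphertext.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(aad);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Reverse of seal; throws if key, AAD or ciphertext do not match.
function unseal(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// KMS side (simulated): create a DEK, return it in plaintext and wrapped by the CMK.
function generateDataKey(keyId) {
  const dek = crypto.randomBytes(32);
  return { plaintext: dek, wrapped: seal(CMK, dek, Buffer.from(keyId)) };
}

// KMS side (simulated): unwrap a DEK; fails if it was wrapped for another key ID.
function unwrapDataKey(keyId, wrapped) {
  return unseal(CMK, wrapped, Buffer.from(keyId));
}

// Application side: encrypt with a fresh DEK and store only the wrapped DEK.
function encryptRecord(keyId, data) {
  const { plaintext: dek, wrapped } = generateDataKey(keyId);
  const ciphertext = seal(dek, Buffer.from(data), Buffer.from(keyId));
  dek.fill(0); // drop the plaintext DEK once the data is encrypted
  return { keyId, wrappedDek: wrapped, ciphertext };
}

// Application side: have the DEK unwrapped, decrypt locally, then wipe the DEK.
function decryptRecord(rec) {
  const dek = unwrapDataKey(rec.keyId, rec.wrappedDek);
  try { return unseal(dek, rec.ciphertext, Buffer.from(rec.keyId)).toString(); }
  finally { dek.fill(0); }
}
```

Only the wrapped DEK and the ciphertext are stored, so reading the data requires a successful unwrap by the holder of the CMK, which is where access control and audit apply.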

Usage limits
For API parameter limits, refer to the parameter descriptions in the API documentation.

Getting Started with APIs

You can use the API Explorer tool to call APIs online.
This document uses creating a root key as an example. To make an API call with the API Explorer tool:

  1. Go to the API Explorer webpage. For more information on using the API Explorer tool, see Using API Explorer.
  2. Call the CreateKey API (https://www.tencentcloud.com/document/product/573/34430?from_cn_redirect=1) to create a root key.
  3. Once the root key has been created, go to the console to view and manage it.
