After activating KMS, you can easily create different keys on the console to meet the requirements of various business scenarios. Keys are centrally managed in KMS to meet security and compliance requirements.
Before You Begin
You have activated KMS.
Create Key
1. Log in to the KMS console.
2. In the navigation bar at the top of the page, select the area where the key is located.
3. Click Create Key. In the Create Key dialog box that is displayed, configure the key as prompted.
Configuration Item | Description |
Key Type | Value: Symmetric key type: AES_256; Asymmetric key type: RSA_2048 |
Key Usage | Value: Encrypt/Decrypt: Data encryption and decryption; Sign/Verify: Generate and verify digital signatures. Note: Sign/Verify is not supported by symmetric keys. |
Alias | Optional identifier for the CMK. For details, see Alias Management. |
Protection Level | Value: Software: Protects keys through software modules; HSM: Stores the key in a cryptographic device to ensure that the key is protected by dedicated hardware with a high level of security. |
Description | Key description. |
Rotation Interval | Period of automatic rotation. Value: Disable: Disable rotation; 30 days; 90 days; 180 days; Custom: 7-730 days. Note: You can only set the automatic rotation period for symmetric keys (AES_256). |
Source of Key Material | Value: eSurfing Cloud KMS: Key materials will be generated by KMS; External: KMS will not generate key materials. You need to import your own key materials into KMS. For more information, see Import Key Material. Note: You can only import key materials for symmetric keys (AES_256). |
4. Click OK. In the key list, you can view the key ID, key status, key type, key purpose, and key protection level.
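The cross-field rules in the table above (which options are limited to AES_256 keys) can be checked before a key is requested. The following is an added example, not code from the original page or from KMS; the request field names and value spellings are assumptions, and only the allowed values and rules come from the table.

```python
# Added example: the request field names and value spellings are hypothetical.
# Only the allowed values and cross-field rules come from the table above.
KEY_FAMILY = {"AES_256": "symmetric", "RSA_2048": "asymmetric"}
USAGES = {"ENCRYPT_DECRYPT", "SIGN_VERIFY"}
PROTECTION_LEVELS = {"SOFTWARE", "HSM"}
SOURCES = {"KMS", "EXTERNAL"}


def validate_key_request(req):
    """Return the list of table rules the request violates (empty means valid)."""
    errors = []
    family = KEY_FAMILY.get(req.get("key_type"))
    if family is None:
        errors.append("key_type must be AES_256 or RSA_2048")

    usage = req.get("usage")
    if usage not in USAGES:
        errors.append("usage must be ENCRYPT_DECRYPT or SIGN_VERIFY")
    elif usage == "SIGN_VERIFY" and family == "symmetric":
        errors.append("Sign/Verify is not supported by symmetric keys")

    if req.get("protection_level") not in PROTECTION_LEVELS:
        errors.append("protection_level must be SOFTWARE or HSM")

    source = req.get("source", "KMS")
    if source not in SOURCES:
        errors.append("source must be KMS or EXTERNAL")
    elif source == "EXTERNAL" and family == "asymmetric":
        errors.append("key material can only be imported for AES_256 keys")

    rotation = req.get("rotation_days")  # None means rotation is disabled
    if rotation is not None:
        if family == "asymmetric":
            errors.append("automatic rotation can only be set for AES_256 keys")
        elif type(rotation) is not int or not 7 <= rotation <= 730:
            # The 30/90/180-day presets fall inside the custom 7-730 range.
            errors.append("rotation_days must be a whole number from 7 to 730")
    return errors


if __name__ == "__main__":
    # Constructed sample request: an RSA key asking for two AES-only features.
    sample = {"key_type": "RSA_2048", "usage": "SIGN_VERIFY",
              "protection_level": "HSM", "source": "EXTERNAL", "rotation_days": 90}
    for problem in validate_key_request(sample):
        print("rejected:", problem)
```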
Use a Key
You can integrate a key into your self-managed application to implement cryptography at the application layer. You can also use it in cloud products integrated with KMS for server-side encryption.
Self-managed applications integrated with KMS
KMS provides a minimal API that lets you easily call it for data encryption and decryption, signature verification, and other scenarios.
For fast integration with SDK, see SDK Reference.
Cloud products integrated with KMS keys for server-side encryption
Currently, KMS provides server-side encryption for EVS and ZOS. When creating cloud resources, you can enable transparent encryption with one click. For details, see Server-side Encryption.