All Documents
Current Document

Content is empty

If you don't find the content you expect, please try another search term



Last updated:2020-11-18 12:01:17

Kingsoft Cloud Key Management Service (KKMS) is an easy-to-use service that can manage and secure keys. KKMS frees you from maintaining the confidentiality, integrity, and availability of keys so that you can focus more on data encryption and decryption functions.


  • High reliability: KKMS implements high reliability by using nationally certified third-party hardware security module (HSM) and a distributed system architecture.
  • Ease of use: KKMS provides a unified and easy-to-use API that enables you to conveniently encrypt local data.
  • Cost efficiency: You can adjust the number of created keys based on business needs, and are charged only for the actual number of keys you use. In addition, up to 20,000 free API calls are provided per month.


  • Key generation: You can create a customer master key (CMK) by using the KKMS console or API. You can use the CMK to encrypt data keys or data with a maximum size of 4 KB, such as passwords, certificates, and configuration files.
  • Key management: KKMS allows you to enable or disable keys at any time, query key details, and modify information about keys.
  • Data encryption and decryption: You can encrypt and decrypt sensitive data by using the KKMS console or API.
  • Envelope encryption: KKMS provides envelope encryption to encrypt and decrypt a large amount of local data.


Scenario Challenge Solution
Website or application development During the development process, developers need to use keys and certificates for encryption or signing. Developers need a secure and independent key management service. Developers can create secure keys in the KKMS console and use online tools to encrypt plaintext certificates.
Core intellectual property protection The core intellectual property needs strict protection, and its leakage may deliver a heavy blow to a company. Some developers encrypt and save sensitive data, but cannot ensure the security of data keys. KKMS provides envelope encryption to encapsulate the data keys of encrypted data in an envelope for storage, transfer, and use. Unauthorized users cannot decrypt the data by using the ciphertext data keys.
Protocol and communication protection The daily work communications of governments and financial institutions involve highly sensitive data. It is necessary to encrypt the protocols between different terminals and different servers. However, the security of the keys that are used to encrypt protocol packets cannot be ensured. KKMS provides key encryption protection and permission management.
On this page
Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen