Key Management Service

Product Strengths

Last updated: 2025-09-05 16:59:27

Security and Compliance

KMS uses third-party certified hardware security modules (HSMs) to generate and protect keys. The security and quality control practices adopted by KMS are accredited by multiple compliance schemes. The creation, management, and other operations of your master keys are performed in the compliant HSM.

High availability

Ensuring the continuous availability of critical keys serves as the cornerstone of business continuity. Tencent Cloud KMS employs a three-layer architectural design to achieve high availability across multiple Availability Zones (AZs) in terms of key storage, encryption operations, and service access, effectively mitigating risks associated with single points of failure:
Cross-AZ Redundancy for Key Data: Your keys and their critical information are automatically backed up in encrypted form across multiple AZs located in different physical locations. Even in the event of a failure in a single AZ, other backup points ensure the security and availability of the keys, ensuring uninterrupted encryption and decryption operations for your business.
Cross-AZ Deployment of Encryption Machine Clusters: The underlying hardware encryption machines (HSMs) responsible for encryption operations are distributed across multiple data centers. In the event of a failure in one AZ, the system swiftly redirects encryption tasks to healthy encryption machines in other AZs, ensuring the stable operation of encryption services.
High Availability of Service Access Points Across AZs: The cloud API access points and control nodes of KMS are also deployed across multiple AZs. If an issue arises in one AZ, client requests are automatically redirected to service nodes in other AZs, guaranteeing uninterrupted access to the management interface and APIs.

Centralized key management

KMS can be called and integrated through APIs, SDKs, and connected Tencent Cloud products to centrally manage the key policies of your business applications in and outside Tencent Cloud.

Cost Controllability

Pay-as-you-go KMS can be deployed quickly at the click of a button. Tencent Cloud covers all backend maintenance, so you do not need to purchase any dedicated hardware encryption devices.

Simplified encryption service

The KMS Ultimate Edition protects keys with envelope encryption and uses the Encryption SDK to encapsulate the complexity of managing them. To encrypt or decrypt massive data, you only need to call the encryption/decryption APIs and control permissions on the CMK.

