Key Management Service

Easily Creates and Securely Protects Encryption Keys

Key Management Service (KMS) is a secure, easy-to-use service that enables users to create, store and manage encryption keys, thereby securely protecting critical data in applications. The encryption key is used to encrypt/decrypt data and is managed securely in a centralized manner.

Overview

01

04

Service Architecture

  • User ↔ Key Management Service
  • Key Administrator ↔ Key Management Service
    • Key Management Service
      • User Interface (UI, API)
      • Authentication/Permissions (Authentication, Permissions)
      • Encryption (Data Encryption/Decryption, Signature/Verification)
      Key Management (key Creation, key Deletion, key Rotation, Operation History Management)

Key Features

  • Key types

    - Encryption/Decryption (AES256) : Use the AES256 key (symmetric key) for data encryption operation of up to 32KB
    - Encryption/Decryption or Signature/Verification (RSA-2048) : Use the RSA key (asymmetric key, 2048 bit) for data encryption of up to 190B or 8KB signature
    - Signature/Verification (ECDSA) : Use the ECDSA key (asymmetric key) for data signature of up to 8KB

  • Managing key permissions

    - Select an account that will be granted access to the master key (An account within the same project)
    - Assignment of key roles : Key manager, Encryptor/Decryptor, Encryptor, Decryptor, Key reviewer

  • Managing key lifecycle

    - Key rotation : Create a new key version. Define automatic key rotation, anywhere from 1 day to 730 days.
    - Key deletion : Upon request, a key will immediately be disabled and be permanently deleted after 72 hours
    - View operational logs : Date of operation, operation details and results, account used for operation

Pricing

    • Billing
    • Number of owned key + Number of key requests
Let’s talk

Whether you’re looking for a specific business solution or just need some questions answered, we’re here to help

Share