What can Tencent Cloud KMS do?
Tencent Cloud KMS provides full lifecycle management of symmetric and asymmetric keys during the encryption process, including generation, storage, enabling/disabling, distribution, rotation, auditing, and destruction. This meets the key management needs of users with multiple applications and services while complying with regulatory requirements. Additionally, KMS offers encryption capabilities such as sensitive data encryption, envelope encryption, and cloud product integration, allowing users to focus on business development.
Which cloud services support data encryption using Key Management System?
KMS seamlessly integrates with Tencent Cloud products such as TencentDB, COS, and CBS, encrypting cloud product data using envelope encryption provided by KMS.
What is the difference between Customer Master Keys and Tencent Cloud Managed CMKs in the Key Management System console?
Customer Master Keys (CMKs) are created by users through the console or API. You can perform operations such as creating, enabling, disabling, rotating, and controlling access to these keys.
Cloud Product Keys are CMKs automatically created for users by Tencent Cloud products/services (such as CBS, COS, TDSQL, etc.) when invoking the Key Management System. You can query and enable key rotation for cloud product keys, but disabling and scheduled deletion operations are not supported.
How can massive data be encrypted?
For larger data encryption, it is recommended to use the envelope encryption scheme for high-performance local data encryption and decryption.
Does KMS impose access rate limitations on users?
KMS imposes limits on the frequency of user access.
For the same primary account (accessing KMS services under its own account), the maximum access frequency to a single KMS service interface is 15,000 times per second.
For a role-authorized master account (after granting permission, the master account can access other accounts' KMS services), the maximum access frequency for a single KMS interface is 3,000 times per second.
If the frequency of accessing KMS service exceeds the corresponding value, please submit a ticket to contact us for adjustments.