Overview

Service Overview

Key Management Service (KMS) is a service that easily creates encryption keys and safely stores and manages them so that important application data stays protected. Users encrypt and decrypt data with an encryption key, and the encryption keys themselves are reliably managed through a centralized key management method in which keys are encrypted hierarchically.

Provided Features

Key Management Service provides the following functions.

  • Key Management: KMS can create, delete, and manage customer-managed keys. Users generate the data keys that encrypt their data directly, using the master key created by KMS.
  • Key Permission Management: You can control and manage usage permissions for the master key based on custom policies.
  • Key Lifecycle Management: Through key rotation, you can generate new encrypted data for the master key without creating a new key, and the key rotation interval can be set according to customer policy. Through lifecycle management, encryption keys that are no longer used can be deactivated or deleted, safely protecting data from cryptographic threats.
  • Platform Managed Key: Check item??

Components

Master Key

The master key is used to generate the data keys that encrypt data. Depending on the purpose, you can generate symmetric keys (AES for encryption/decryption, HMAC for generation/verification) and asymmetric keys (RSA for encryption/decryption and signing/verification, ECDSA for signing/verification). With proper master key management, data keys that are used frequently during operation are protected by encrypting them.

  • The master key is the key generated when you create the KMS product service in the Samsung Cloud Platform Console.

Data Key

Data keys are used to encrypt actual data and are generated for each target service that performs encryption. This ensures that even if one data key is compromised, services encrypted with other data keys are not affected.
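
The master key / data key relationship described above, as an added example in Node.js; it is not Samsung Cloud Platform code and does not call its API. The function names, the blob layout, and the locally held `master` buffer (a stand-in for the master key that KMS keeps) are assumptions made so the example runs offline.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM; output layout is nonce (12) || ciphertext || tag (16).
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, body, c.getAuthTag()]);
}

// Throws when the key is wrong or the blob was modified.
function unseal(key, blob) {
  if (blob.length < 28) throw new Error('truncated blob');
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Creates a data key for one service, encrypts with it, and stores only the
// master-key-wrapped form of that data key next to the ciphertext.
function encryptForService(masterKey, plaintext) {
  const dataKey = crypto.randomBytes(32);
  const envelope = {
    wrappedKey: seal(masterKey, dataKey),
    ciphertext: seal(dataKey, Buffer.from(plaintext, 'utf8')),
  };
  dataKey.fill(0); // do not keep the plaintext data key around
  return envelope;
}

// Unwraps the data key with the master key, then decrypts the record.
function decryptForService(masterKey, envelope) {
  const dataKey = unseal(masterKey, envelope.wrappedKey);
  try {
    return unseal(dataKey, envelope.ciphertext).toString('utf8');
  } finally {
    dataKey.fill(0);
  }
}

// Constructed demo: two services, one master key, separate data keys.
const master = crypto.randomBytes(32); // assumption: stand-in for the KMS key
const serviceA = encryptForService(master, 'service A record');
const serviceB = encryptForService(master, 'service B record');
const leakedKeyA = unseal(master, serviceA.wrappedKey); // A's data key exposed
let bReadable = true;
try { unseal(leakedKeyA, serviceB.ciphertext); } catch { bReadable = false; }
console.log('A decrypts:', decryptForService(master, serviceA));
console.log("B readable with A's data key:", bReadable);
```

The last line prints `false`: service A's exposed data key opens only service A's ciphertext, which is the isolation property the paragraph describes.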

HSM (Hardware Security Module)

The HSM stores the root key of the KMS system domain. The master key is generated from the root key held in an HSM (Hardware Security Module) that complies with the FIPS 140-2 Level 3 standard, and it is safely distributed and stored in KMS for protection.

Constraints

Samsung Cloud Platform’s Key Management Service limits the number of keys generated as follows.

| Item | Detailed description | Quota |
|---|---|---|
| KMS Key | Number of KMS Keys created per region | 10000 |
| KMS Validation Password Key | Number of public authentication algorithm keys that can be generated per Account | 100 |

Table. Key Management Service constraints

Reference
  • KMS keys generated as a regional service can only be used within the region.
  • The restrictions on the public authentication algorithm key apply only to the KR SOUTH region.

Preceding Service

Key Management Service has no preceding service.
