Key Management Service

Easily encode your data which are hosted on the cloud

Flexible Engine / Security



Component level: every component works in active-standby mode or active-active mode.

Backup: Data in KMS Keystores are backup regularly by Backup Storage and can be restored in case of emergency.

AZ level: not support currently.


KMS service adopts a hierarchical key architecture to build a trust chain based HSM as the trust root from Root Key, CMK to DEK and pass keys in TLSv1.2 secure channel.


Huawei KMS only supports SafeNet(acquired by Gemalto) LunaSA 7000 HSM and isn’t compatible with other HSMs.


Key Management Service (KMS) is a secure, reliable, and easy-to-use service that helps users centrally manage and safeguard their Customer Master Keys (CMKs) and SSH key pairs.

KMS uses hardware security modules (HSMs) to protect CMKs. HSMs help you create and control CMKs with ease. All CMKs are protected by root keys in HSMs to avoid leakage.

KMS implements access control and log-based tracking on all operations on CMKs. With records of use of all CMKs, it meets your audit and regulatory compliance requirements.

KMS uses hardware security modules (HSMs) to generate true random numbers which are then used to produce key pairs. In addition, it adopts a complete and reliable key pair management solution to help users create, import, and manage key pairs with ease. The public key of a generated key pair is stored in HUAWEI CLOUD while the private key is downloaded and saved by the user. This helps ensure the privacy and security of the key pair.

Application scenario: Key Managed Service

KMS uses validated HSMs to protect your keys, so you can effortlessly create and manage keys for data encryption. It can be Integrated with other HUAWEI CLOUD services such as OBS, EVS, and IMS.

Do you have a project?
Are you interested in our solution?
We will reply to you under 48 hours.
Our support Services
Our complementary offers