Key Management Service
Easily encrypt your data hosted in the cloud
Flexible Engine / Security
Component level: every component works in active-standby mode or active-active mode.
Backup: Data in KMS keystores is backed up regularly by Backup Storage and can be restored in an emergency.
AZ level: not currently supported.
KMS adopts a hierarchical key architecture that builds a chain of trust with the HSM as the root of trust, running from the root key through the CMK to the DEK (data encryption key), and passes keys over a TLSv1.2 secure channel.
Huawei KMS only supports the SafeNet (acquired by Gemalto) LunaSA 7000 HSM and is not compatible with other HSMs.
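The key hierarchy described above (root key, then CMK, then DEK), sketched as an added Go example; it is not Huawei's or Flexible Engine's code. It assumes AES-GCM as the wrapping cipher and a software root key standing in for the HSM-held one, `aead`, `seal` and `unwrapChain` are hypothetical names, and the chain walk is generalized so the data ciphertext can be opened as the last link.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead returns AES-GCM for a 16/24/32-byte key (NewCipher rejects other sizes).
func aead(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// seal wraps pt under key; the fresh random nonce is prepended to the output.
func seal(key, pt []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, nil), nil
}

// unwrapChain opens each blob with the key recovered from the one before it.
func unwrapChain(key []byte, blobs ...[]byte) ([]byte, error) {
	for _, b := range blobs {
		g, err := aead(key)
		if err != nil || len(b) < g.NonceSize() {
			return nil, fmt.Errorf("bad key or short blob")
		}
		if key, err = g.Open(nil, b[:g.NonceSize()], b[g.NonceSize():], nil); err != nil {
			return nil, err
		}
	}
	return key, nil
}

func main() {
	root := make([]byte, 32) // constructed all-zero stand-in for the HSM-held root key
	wrapped, _ := seal(root, []byte("constructed CMK"))
	fmt.Println(unwrapChain(root, wrapped))
}
```

Only the wrapped CMK and wrapped DEK need to be stored; without the root key, or with any link altered, the walk stops with an authentication error.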
Key Management Service (KMS) is a secure, reliable, and easy-to-use service that helps users centrally manage and safeguard their Customer Master Keys (CMKs) and SSH key pairs.
KMS uses hardware security modules (HSMs) to protect CMKs. HSMs help you create and control CMKs with ease. All CMKs are protected by root keys in HSMs to avoid leakage.
KMS implements access control and log-based tracking on all operations on CMKs. With records of the use of all CMKs, it meets your audit and regulatory compliance requirements.
KMS uses hardware security modules (HSMs) to generate true random numbers which are then used to produce key pairs. In addition, it adopts a complete and reliable key pair management solution to help users create, import, and manage key pairs with ease. The public key of a generated key pair is stored in HUAWEI CLOUD while the private key is downloaded and saved by the user. This helps ensure the privacy and security of the key pair.
Application scenario: Key Managed Service
KMS uses validated HSMs to protect your keys, so you can effortlessly create and manage keys for data encryption. It can be integrated with other HUAWEI CLOUD services such as OBS, EVS, and IMS.