          Key Management Service

          Introduction

          The Key Management Service (KMS for short) is a key management service provided by Baidu AI Cloud that lets you manage your keys in the cloud conveniently, securely and reliably. It frees you from implementing complicated key-device management and security mechanisms yourself, so you only need to focus on the encryption and decryption scenarios in your business logic.

          The specific problems that KMS can solve are as follows:

          | Classification | Scenarios | KMS solution |
          | --- | --- | --- |
          | Website application | Storing a website's user accounts, passwords and other key data in plaintext is very dangerous and may lead to huge losses if the data is leaked or stolen. Such data should therefore be encrypted with keys before storage and decrypted when used. The keys must be managed safely and properly, and access to them must be authorized. | Accounts, passwords and other sensitive data are first encrypted with keys stored in KMS and then stored; when needed, they are first decrypted with the key stored in KMS and then used. The key is not stored outside KMS, which ensures security. Calls that use the key must pass a rigorous authentication mechanism. |
          | Data transmission | Websites often use the HTTPS protocol to secure data transfer, and SSL certificates, i.e. keys, are required when a website provides HTTPS services. If they are kept locally in plaintext, the SSL certificates can easily be obtained by an attacker. | The SSL certificates are encrypted through the KMS service and only the ciphertext files of the keys are saved locally; they are decrypted through the interface when used. Because they are not saved in plaintext, they are hard for an attacker to obtain. |
          | Compliance | Policies and regulations require that key management comply with the relevant rules, so that key calls are properly authorized and key-related operations can be audited and traced. | Each call to the KMS API is fully checked for privilege, and all operations must be fully logged. |