tencent cloud

Key Management Service

Product Introduction
Product Overview
Product Strengths
Use Cases
Concepts
Purchase Guide
Billing Overview
Purchase Method
Renewal Instructions
Payment Overdue
Console Guide
Getting Started
Key Management
Access Control
Audit
TCCLI Management Guide
Operation Overview
Creating Key
Viewing Key
Editing Key
Enabling/Disabling Key
Key Rotation
Encryption and Decryption
Asymmetric key decryption
Deleting Key
Practical Tutorial
Symmetrical Encryption and Decryption
Asymmetric Encryption and Decryption
Post-Quantum Cryptography Practice In KMS
Importing External Key
Implementing Exponential Backoff to Deal with Service Frequency
Cloud Product Integration with KMS for Transparent Encryption
API documentation
History
Introduction
API Category
Key APIs
Making API Requests
Asymmetric Key APIs
Data Types
Error Codes
Service Level Agreement
FAQS
FAQs
General
KMS Policy
Privacy Policy
Data Processing And Security Agreement
Contact Us
Glossary
DocumentationKey Management ServiceFAQSFAQs

FAQs

PDF
Focus Mode
Font Size
Last updated: 2025-02-06 15:19:27

Is there a limit on the number of CMKs that can be created in KMS?

Yes. Up to 200 CMKs can be created under each account in each region, excluding the ones scheduled for deletion and Tencent Cloud managed CMKs. If you need to create more CMKs, please submit a ticket or contact your Tencent Cloud sales rep.

Which Tencent Cloud services can encrypt data using KMS?

KMS is seamlessly integrated with Tencent Cloud services such as TencentDB, COS, and CBS to encrypt their data through envelope encryption.

How do I encrypt data using KMS?

There are three ways to call KMS:
Call KMS through KMS API. In this case, your business applications can be either in or outside Tencent Cloud.
Call KMS by integrating the KMS SDK into your own business application. In this case, your business applications can be either in or outside Tencent Cloud.
Call KMS through a Tencent Cloud product that has been connected to KMS to encrypt and decrypt the data of the product.

How do I enable key rotation?

You can enable key rotation in the KMS Console to automatically rotate CMK annually.
After a CMK is rotated, you do not need to encrypt the data again, as Tencent Cloud will retain the original CMK. Ciphertext encrypted with the old CMK can still be decrypted, while new data will be encrypted with the new CMK.
Previous Topic: Service Level AgreementNext Topic: General

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback