<p class="shortdesc"></p> <p class="p">Key Management Service (KMS) is a cryptographic service that uses hardware security modules (HSMs) to generate, encrypt, and protect keys. With KMS, you do not need to worry about the security of your data or keys. Instead, you can focus on developing encryption and decryption scenarios that meet your needs. </p> <p class="p">Integrated with various Ping An Cloud products, KMS offers a service of high reliability at low cost. KMS offers not only secure and easy management for sensitive data, but efficient cryptographic protection for vast amounts of local data or files in a comprehensive and reliable manner. </p> <p class="p">Ping An Cloud KMS is applicable in the following scenarios, and provides corresponding solutions to protect sensitive data. </p> <table class="table" id="Profile__table_n4y_zgt_3lb"><caption></caption><colgroup><col><col><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="Profile__table_n4y_zgt_3lb__entry__1">Role </th> <th class="entry" id="Profile__table_n4y_zgt_3lb__entry__2">Issue </th> <th class="entry" id="Profile__table_n4y_zgt_3lb__entry__3">Data in Need of Protection </th> <th class="entry" id="Profile__table_n4y_zgt_3lb__entry__4">KMS Solution </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__1 "> <p class="p">Program developers </p> </td> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__2 "> <p class="p">You need to protect your websites and applications with signed certificates or encrypt them with keys. Certificates and keys, however, are too sensitive to be deployed in plaintext. Under such circumstances, you would expect an independent and secure key management service for your applications, regardless of their deployment, with secure access to keys. </p> </td> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__3 "> <p class="p">Certificates, keys and other sensitive information </p> </td> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__4 "> <p class="p">Envelope encryption provided by KMS comes in handy. You can store your customer master keys (CMKs) in KMS, and the ciphertext data keys in your local machine. You only need to call KMS to decrypt the ciphertext data keys when needed. </p> </td> </tr> <tr class="row"> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__1 "> <p class="p">Back-end service developers </p> </td> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__2 "> <p class="p">It is of vital importance to ensure the security of keys and data stored by users. Therefore, developers want users to manage their own keys and give them authorizations to use specified ones. In this way, developers only need to focus on service development. </p> </td> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__3 "> <p class="p">Passwords, login keys, configurations, etc. </p> </td> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__4 "> <p class="p">KMS file encryption. </p> </td> </tr> <tr class="row"> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__1 "> <p class="p">Governments and financial institutions </p> </td> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__2 "> <p class="p">The communications and data from governments and financial institutions are of high value and confidentiality. Therefore, compliance and security issues should be taken into consideration upon the construction of a business system for them. </p> </td> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__3 "> <p class="p">Protocol communication content, important files and documents </p> </td> <td class="entry" headers="Profile__table_n4y_zgt_3lb__entry__4 "> <p class="p">KMS envelope encryption. </p> </td> </tr> </tbody></table>