vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/kms/umn/kms_01_0044.html
Li, Qiao d9e750baf4 KMS User Guide 20231019 version. 
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>
2024-06-10 13:07:34 +00:00

3.4 KiB
Raw Permalink Blame History

What Is a Customer Master Key?

A Customer Master Key (CMK) is a Key Encryption Key (KEK) created by a user on KMS. It is used to encrypt and protect DEKs. One CMK can be used to encrypt one or more DEKs.

CMKs are categorized into custom keys and default keys.
  • Custom keys

    Keys created or imported by users on the KMS console.

  • Default keys

    When a user uses KMS for encryption in a cloud service for the first time, the cloud service automatically creates a key with the alias suffix /default.

    You can use the management console to query but cannot disable or schedule the deletion of Default Master Keys.

    Table 1 Default Master Keys

    Alias

    Cloud Service

    obs/default

    Object Storage Service (OBS)

    evs/default

    Elastic Volume Service (EVS)

    ims/default

    Image Management Service (IMS)

    sfs/default

    Scalable File Service (SFS)
Parent topic: KMS Related