Alibaba Cloud Key Management Service (KMS) offers free default keys for server-side encryption of cloud products. If the default key can meet your requirements, you do not need to purchase a KMS instance. However, if you want to have custom application encryption solutions, use secrets features, or manage key lifecycles, then you must purchase a software or hardware key management instance. This topic describes the billing methods, billing cycles, billing items, expiration description, and renewal information for KMS instances.
This topic only covers the subscription model fees. For pay-as-you-go model fees, see Pay-as-you-go.
Billing description
Billing method
Subscription
Billing cycle
The billing cycle is based on UTC+8 time, beginning immediately at the time of purchase or renewal of a KMS instance and ending at midnight at the end of the day that the instance expires.
Billable items
The fees for KMS instances are as follows:
Software Key Management Instance | Hardware Key Management Instance |
USD 500 per month | USD 1,799 per month |
The KMS instances can be purchased with default specifications, which are as follows:
If the default specifications do not meet your requirements, you can purchase additional resources. The additional quotas can be purchased for computing performance, keys, secrets, access management and log analysis. The fees for additional resources are as follows:
Computing performance fee
The fees for different QPS quotas are as follows (unit price: USD per month):
Computing Performance (QPS) | Software Key Management | Hardware Key Management |
1,000 | Covered in the default fee (500) | Covered in the default fee (1,799) |
2,000 | 100 | Covered in the default fee (1,799) |
4,000 | 300 | 200 |
6,000 | Not supported | 400 |
Key fee
For the subscription Software Key Management instances, the fee for each 10 keys is USD 9 per month. The purchase increment for keys is 10 and the quota limit is 100,000.
Additional key quotas are not supported for Hardware Key Management.
Secret fee
For all subscription instances, the quota limit for secrets is 100,000 and purchase increment is 100.
The fees for each 100 secrets are as follows:
Secret | Software Key Management | Hardware Key Management | |
Fee (each 100 secrets) | USD 50 per month | USD 50 per month | |
Access management fee
For all subscription instances, the quota limit for access management is 1,000 and purchase increment is 1.
The fees for the access management are as follows:
Access management | Software Key Management | Hardware Key Management | |
Fee (1 account or 1 VPC associated with the instance) | USD 125 per month | USD 125 per month | |
Log analysis fee
For all subscription instances, the log storage capacity is 500,000 GB and purchase increment is 1,000.
The fee for the log analysis is as follows:
Log analysis | Software Key Management | Hardware Key Management | |
Fee (each 1,000 GB of log storage capacity) | USD 80 per month | USD 80 per month | |
Overdue payments
The subscription billing method uses prepaid annual or monthly plans, so overdue payments will not occur. To ensure you can successfully perform operations such as purchasing new instances, upgrading instance configurations, or renewing instances, make sure to top up your account balance in advance.
Expiration description
Go to the Instances page and take note of the Expired On time of your KMS instance. We recommend that you renew your instance before the expiration date to prevent adverse impacts on your business.
Instance Expiration Status | Description |
Before expiration | Alibaba Cloud sends you email notifications 7 days, 3 days, and 1 day before the expiration of the KMS instance. The emails serve as a reminder to renew the KMS instance. |
Within 15 calendar days after expiration | The configurations of the KMS instance are retained, including keys and secrets. However, the keys and secrets can no longer used. After you renew the KMS instance, the keys and secrets can once again be used. |
16 days after expiration | The KMS instance is released. Your keys and secrets are deleted and cannot be restored. We recommend that you back up data in advance and take note of the backup's expiration time. For more information, see Backup Management. Warning If you do not back up your keys and secrets, or if the backup data expires, then the keys and secrets will be permanently lost after expiration and deletion. |
Refunds
You can request a partial refund for KMS instances that are in the Disabled or Enabled state. You can also cancel pending renewal orders.
Before you unsubscribe from a KMS instance, we recommend that you learn about the unsubscription rules, precautions, and unsubscription cases. For more information, see Rules for unsubscribing from resources.
You can unsubscribe from a KMS instance in the Expenses and Costs console or by submitting a ticket. For more information about the unsubscription procedure, see Methods for unsubscribing resources. For more information about the refund flow after you unsubscribe from a KMS instance, see Refund flow.
View billing and usage details
You can query and export KMS bills and bill details in the Expenses and Costs console. For more information, see Billing details and Usage records.
Renewal description
For more information about how to renew a resource in the Expenses and Costs console, see Renewal guide. To renew an instance in the KMS console, perform the following steps:
Log on to the KMS console. In the top navigation bar, select a region. In the left-side navigation pane, choose .
Click the Software Key Management tab or the Hardware Key Management tab, find the instance that you want to renew, and then click Renew in the Actions column.
On the KMS (International) | Renew page, configure the Duration parameter, and read and select Terms of Service.
Click Buy Now to complete payment.