Key Management Service:Billing of KMS

Billable items

Billing method: pay-as-you-go.

The fees that you are charged for KMS include the fees for hosting keys and the fees for calling API operations.

• Fees for hosting keys

  You are not charged for customer master keys (CMKs) that are in the Pending Deletion state. The following table describes the billing rules for CMKs that are in other states.

  Key creator	Billable item	Unit price in Alibaba Cloud regions (USD/day)
  Alibaba Cloud service	Version of aservice-managed key	0.0
  User	Version of asoftware key	0.002
  	Version of abasic hardware key	0.033
  	Version of anadvanced hardware key	0.083 for the first 2,000 key versions 0.033 for other key versions

• Fees for calling API operations

  You are charged only when you call cryptographic operations. For more information about the cryptographic operations, see Cryptographic operations.

  Key category	Unit price in Alibaba Cloud regions in the Chinese mainland (USD/10,000 calls)	Unit price in Alibaba Cloud regions outside the Chinese mainland (USD/10,000 calls)
  Service-managed key	0	0
  Basic key(software and hardware)	0.08	0.03
  Advanced key(software and hardware)	0.24	0.15

Billing examples

• Billing example 1: cloud disk encryption

  You create 250 cloud disks per month in the Singapore region and use a CMK to encrypt the cloud disks.

  • Fees:

    • Key hosting: one CMK

      Note

      The CMK can be a service-managed key or a custom hardware key.

    • API operation calls: 750 (250 calls to create data keys, 250 calls to encrypt the data keys, and 250 calls to decrypt the data keys)

  • Estimated monthly fees:

    Fee	Service-managed key (USD)	Custom hardware key (USD)
    Key hosting	0	1
    API operation calls	0	0.002 (0.03 × 750/10,000)
    Total	0	1.002

• Billing example 2: OSS client-side encryption

  You use a CMK for OSS client-side encryption that is based on envelope encryption in the Singapore region. You upload and encrypt 10,000 objects per month. The system reads the encrypted objects 2,000,000 times per month.

  • Fees:

    • Key hosting: one CMK

    • API operation calls: 10,000 calls to create data keys (one call for each object)

    • API operation calls: 2,000,000 calls to decrypt data keys

  • Estimated monthly fees:

    Fee	Custom hardware key (USD)
    Key hosting	1
    API operation calls	6.03 (0.03 × 2,010,000/10,000)
    Total	7.03

• Billing example 3: signature generation

  You use a CMK whose key type is EC_P256 to generate 100,000 signatures in the Singapore region.

  • Fees:

    • Key hosting: one CMK

    • API operation calls: 100,000 calls to generate signatures

  • Estimated monthly fees:

    Fee	Custom hardware key (USD)
    Key hosting	2.49
    API operation calls	1.50 (0.15 × 100,000/10,000)
    Total	3.99

Overdue payments

If your Alibaba Cloud account has overdue payments, top up your account balance at the earliest opportunity to prevent negative impacts on your business.

If you do not settle your overdue payments in seven days, your KMS service is automatically terminated. In this case, KMS retains your key-related data but you cannot access KMS. Until you settle your overdue payments, you are not charged for KMS.

Query of bills and bill details

You can query and export KMS bills and bill details in the Expenses and Costs console.

How to stop billing

After you delete the CMKs within your Alibaba Cloud account, you are no longer charged.

You can only schedule the deletion task of a CMK. After you schedule a deletion task of a CMK, the CMK enters the Pending Deletion state. When the CMK enters the Pending Deletion state, you are not charged for the CMK, and you cannot use the CMK to encrypt data, decrypt data, generate signatures, verify signatures, or generate data keys. After the scheduled period elapses, the CMK is deleted and cannot be restored. For more information, see Schedule a key deletion task.