All Products
Search
Document Center

Key Management Service:List of operations by function

Last Updated:Oct 18, 2024

The following table describes the APIs that you can call in different scenarios.

Category

Subcategory

Description

API

Difference

Customer master key (CMK)

CMK management

Manages a CMK throughout its lifecycle and queries information about a CMK.

KMS API

None.

CMK version management

Rotates a CMK and queries information about a CMK version.

Alias management

Manages an alias throughout its lifecycle and queries information about an alias.

An alias is an independent object in KMS. An alias must be bound to a unique CMK. You can set the KeyId parameter in specific operations to an alias to specify a CMK.

Cryptographic operation

Uses keys to perform cryptographic operations, such as data encryption and decryption.

  • If you use Dedicated KMS to perform cryptographic operations on data, you must call the Dedicated KMS API. To perform other operations, you can call the KMS API. The Dedicated KMS API and the KMS API provide similar cryptographic operations but support different data formats. The two APIs cannot be interchangeably used.

  • You can call KMS API by using the KMS gateway, You can call Dedicated KMS API by using the private gateway of Dedicated KMS.

Secrets Manager

Secrets management

Manages, protects, distributes, and rotates secrets.

KMS API

None.

Secret query

Queries a secret value.

  • You can call the Dedicated KMS API or KMS API to query secret values. Compared with the KMS API, the Dedicated KMS API provides lower latency, higher QPS, and higher stability.

  • You can call KMS API by using the KMS gateway, You can call Dedicated KMS API by using the private gateway of Dedicated KMS.

Certificates Manager

Certificate management

Creates, deletes, and updates a certificate, queries information about a certificate, and generates and verifies a signature.

KMS API

None

Others

Tag management

Manages the tag that is associated with a resource throughout the lifecycle of the tag and queries the tags of a specified resource.

Common operations

Activates KMS and queries the status of KMS instances and available regions.