All Products
Search

This Product

    Key Management Service:List of operations by function

    Document Center

    Key Management Service:List of operations by function

    Last Updated:Oct 18, 2024

    The following table describes the APIs that you can call in different scenarios.

    Category

    Subcategory

    Description

    API

    Difference

    Customer master key (CMK)

    CMK management

    Manages a CMK throughout its lifecycle and queries information about a CMK.

    KMS API

    None.

    CMK version management

    Rotates a CMK and queries information about a CMK version.

    Alias management

    Manages an alias throughout its lifecycle and queries information about an alias.

    An alias is an independent object in KMS. An alias must be bound to a unique CMK. You can set the KeyId parameter in specific operations to an alias to specify a CMK.

    Cryptographic operation

    Uses keys to perform cryptographic operations, such as data encryption and decryption.

    • If you use Dedicated KMS to perform cryptographic operations on data, you must call the Dedicated KMS API. To perform other operations, you can call the KMS API. The Dedicated KMS API and the KMS API provide similar cryptographic operations but support different data formats. The two APIs cannot be interchangeably used.

    • You can call KMS API by using the KMS gateway, You can call Dedicated KMS API by using the private gateway of Dedicated KMS.

    Secrets Manager

    Secrets management

    Manages, protects, distributes, and rotates secrets.

    KMS API

    None.

    Secret query

    Queries a secret value.

    • You can call the Dedicated KMS API or KMS API to query secret values. Compared with the KMS API, the Dedicated KMS API provides lower latency, higher QPS, and higher stability.

    • You can call KMS API by using the KMS gateway, You can call Dedicated KMS API by using the private gateway of Dedicated KMS.

    Certificates Manager

    Certificate management

    Creates, deletes, and updates a certificate, queries information about a certificate, and generates and verifies a signature.

    KMS API

    None

    Others

    Tag management

    Manages the tag that is associated with a resource throughout the lifecycle of the tag and queries the tags of a specified resource.

    Common operations

    Activates KMS and queries the status of KMS instances and available regions.