Tencent Key Management Service

TencentSecurityFree tier available

Managed cryptographic key service with customer master keys (CMKs), envelope encryption for Tencent services, automatic and manual rotation, imported key material (BYOK), Managed HSM for single-tenant FIPS 140-2 Level 3 compliance, and audit logging via CloudAudit

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore Tencent in TreemapExplore security in HoneycombSee Tencent regions on the World MapSee security as a networkScore jurisdiction exposure
DocumentationPricingTencent website

Jurisdictional exposure

Provider HQ
CNShenzhen, China

Subject to PIPL, DSL, CSL

Region locations
APACCNEUUSOther21 regions across 5 jurisdictions
Sovereign option
Yes — 9 sovereign-flagged regions available
Full scorecard for this service →CN lens detail →Sovereign cloud coverage map →

Attributes

Fips
140-2 Level 3

Sub-services (3)

Customer Master Keys

Symmetric AES and asymmetric RSA / SM2 master keys with rotation

Bring-Your-Own-Key (BYOK)

Import externally-generated key material into the managed KMS

Managed HSM

Single-tenant FIPS 140-2 Level 3 hardware security modules

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001HIPAAPCI DSS

Where this runs

21 regions
12 countries
9sovereign
Sovereign regions (9)
  • BeijingTencent Cloud China
  • ShanghaiTencent Cloud China
  • GuangzhouTencent Cloud China
  • ChengduTencent Cloud China
  • ChongqingTencent Cloud China
  • NanjingTencent Cloud China
  • Shenzhen Finance · ShenzhenTencent Finance Cloud
  • Shanghai Finance · ShanghaiTencent Finance Cloud
  • Beijing Finance · BeijingTencent Finance Cloud
Commercial regions (12)

Europe (1)

  • Frankfurt

North America (3)

  • Toronto
  • Virginia
  • Silicon Valley

South America (1)

  • São Paulo

Asia (7)

  • Hong Kong
  • Mumbai
  • Jakarta
  • Tokyo
  • Singapore
  • Seoul
  • Bangkok

Tags

kmsencryptionbyokhsmsecurity

Equivalent services on other platforms

AWS KMSAWS

Create and manage cryptographic keys for encryption at rest and in transit with AWS-managed, customer-managed, and imported keys, automatic rotation, and FIPS 140-2 validated HSMs

Azure Key VaultAzure

Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement

Cloud KMSGCP

Cloud-hosted key management for encryption at rest with symmetric and asymmetric keys, customer-supplied keys, HSM-backed keys, and automatic rotation

Huawei Data Encryption Workshop (DEW)Huawei

Unified cryptographic services including Key Management Service for envelope encryption, Cloud Secret Management Service for secret storage and rotation, Key Pair Service for SSH key management, and Dedicated HSM for FIPS 140-2 Level 3 workloads

OpenStack BarbicanOpenStack

Key management service for symmetric and asymmetric keys, certificates, and other secret material — pluggable backends include software KMS, HSM via PKCS#11, Vault, and KMIP-compliant appliances. Equivalent to AWS KMS / Azure Key Vault / Cloud KMS in the cross-provider mapping

OCI VaultOracle

Centralised key and secret management service with HSM-backed symmetric and asymmetric keys, automatic rotation, and envelope encryption for OCI resources

Pricing

Pricing model:per-key-per-month