
Yandex Key Management Service
A service for managing cryptographic keys. Use keys to protect the secrets, personal data, and sensitive information you store in the cloud.
Key management
Data encryption
Access control and security
SDK integration
Audit key actions
Integration with other services
Getting started
Encrypt your secrets with Yandex Managed Service for Kubernetes using a KMS key. To do this, create a KMS key and use it when creating a Kubernetes cluster.

Questions and answers
What is a cryptographic key?
A key is a set of versions, each of which defines an algorithm and cryptographic material for data encryption or decryption operations. The key is created along with its first version, which becomes the primary one. The primary version is used by default in key operations unless you specify a different version in the input parameters.
What encryption scheme is used in Key Management Service?
Symmetric encryption, which uses the same (symmetric) key for both data encryption and decryption. KMS supports AES with 128-, 192-, or 256-bit keys in GCM mode.
How much data can I encrypt?
On the service side, you can encrypt up to 32 KB of data. Larger data can be encrypted using envelope encryption on the client side.
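The client-side envelope encryption mentioned in the last answer, as an added Node.js example that is not code from this page or from the Yandex SDK. `kmsEncrypt` and `kmsDecrypt` are hypothetical local stand-ins for the service's encrypt and decrypt operations, `kek` is a constructed local key standing in for the KMS key, and binding a context string as GCM additional authenticated data is this example's own choice.

```javascript
const nodeCrypto = require("crypto");

const KMS_LIMIT = 32 * 1024; // service-side plaintext limit stated on the page
// Constructed stand-in for the KMS key; a real KMS key never leaves the service.
const kek = nodeCrypto.randomBytes(32);

// AES-256-GCM helper: returns iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Inverse of seal(); final() throws if ciphertext, tag or AAD was altered.
function unseal(key, blob, aad) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Hypothetical stand-ins for the service calls, enforcing the 32 KB limit.
function kmsEncrypt(plaintext, aad) {
  if (plaintext.length > KMS_LIMIT) throw new RangeError("plaintext exceeds 32 KB");
  return seal(kek, plaintext, aad);
}
function kmsDecrypt(blob, aad) {
  return unseal(kek, blob, aad);
}

// Encrypt data of any size locally; only the 32-byte data key goes to "KMS".
function envelopeEncrypt(data, context) {
  const aad = Buffer.from(context);
  const dek = nodeCrypto.randomBytes(32); // one data key per object
  const env = { wrappedDek: kmsEncrypt(dek, aad), body: seal(dek, data, aad) };
  dek.fill(0); // do not keep the plaintext data key around
  return env;
}

function envelopeDecrypt(env, context) {
  const aad = Buffer.from(context);
  const dek = kmsDecrypt(env.wrappedDek, aad);
  try { return unseal(dek, env.body, aad); } finally { dek.fill(0); }
}
```

Store `wrappedDek` next to `body`; only the wrapped data key has to be sent to the service on decryption.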