alicloud-security-kms

What it does

This skill enables AI agents to interact with Alibaba Cloud's Key Management Service (KMS) to manage cryptographic keys securely. It allows for the creation, rotation, and deletion of encryption keys as well as retrieving key metadata without exposing sensitive key material.

When to use it

• Secure Data Encryption: Automatically generate unique KMS keys before encrypting sensitive customer data stored in databases or object storage.
• Compliance Auditing: Retrieve key policies and usage statistics to ensure adherence to security compliance frameworks like GDPR or HIPAA.
• Key Lifecycle Management: Schedule automated rotation of encryption keys to minimize the risk of long-term exposure if a key is compromised.
• Access Control Verification: Check which users or services have permission to use specific keys before authorizing data access operations.

Key capabilities

• Create new KMS keys with customizable tags and descriptions.
• Delete existing keys permanently after verifying usage policies.
• Retrieve detailed key metadata including creation time, state, and origin.
• List all available keys within a specific region or account.
• Update key policies to restrict or expand access permissions.

Example prompts

• "Create a new KMS key named 'prod-customer-data' with the tag 'environment: production' in the us-east-1 region."
• "List all active encryption keys associated with this Alibaba Cloud account and display their creation dates."
• "Update the policy for key 'key-id-12345' to allow only the role 'DataEncryptionService' to use it for data encryption operations."

Tips & gotchas

Ensure your AI agent has the necessary IAM permissions attached to the Alibaba Cloud profile before attempting key creation or deletion. Always verify that the specified region exists in your account configuration, as KMS keys are region-specific resources.