Key Management with AWS KMS
What better way to follow up Certificate Management than with Key Management
AWS KMS is a managed service that helps you more easily create and control the keys used for cryptographic operations. The service provides a highly available key generation, storage, management, and auditing solution for you to encrypt or digitally sign data within your own applications or control the encryption of data across AWS services.
If you are responsible for securing your data across AWS services, you should use it to centrally manage the encryption keys that control access to your data.
If you are a developer who needs to encrypt data in your applications, you should use the AWS Encryption SDK with AWS KMS to more easily generate, use and protect symmetric encryption keys in your code.
If you are a developer who needs to digitally sign or verify data using asymmetric keys, you should use the service to create and manage the private keys you’ll need. If you’re looking for a scalable key management infrastructure to support your developers and their growing number of applications, you should use it to reduce your licensing costs and operational burden.
If you’re responsible for proving data security for regulatory or compliance purposes, you should use it because it facilitates proving your data is consistently protected.
It’s also in scope for a broad set of industry and regional compliance regimes.
3 Use cases
Protect your data at rest
Activate server-side encryption with AWS KMS using KMS keys you control and manage.
Encrypt and decrypt data
Use AWS Encryption SDK to securely handle cryptographic operations in your applications.
Sign and verify digital signatures
Protect signing operations with AWS KMS using asymmetric KMS keys.