Amazon KMS website screenshot

Amazon KMS

AWS Key Management Service (KMS) is a managed service that makes it easy to create and control the cryptographic keys used to protect your data, integrated with other AWS services to simplify encryption of data stored and managed in those services.

1 APIs 6 Features
CryptographyData ProtectionEncryptionKey ManagementSecurity

APIs

Amazon KMS API

The AWS Key Management Service API provides programmatic access to create and manage cryptographic keys, encrypt and decrypt data, generate data keys, and manage key policies an...

Collections

Amazon KMS API

POSTMAN

Arazzo Workflows

Amazon KMS Create Key and Describe

Create a new customer managed KMS key and read back its full metadata.

ARAZZO

Amazon KMS Generate and Recover Data Key

Generate a data key, then decrypt its encrypted form to recover the plaintext key.

ARAZZO

Amazon KMS Disable and Schedule Key Deletion

Disable a KMS key and then schedule it for deletion after a waiting period.

ARAZZO

Amazon KMS Enable Key and Verify State

Enable a disabled KMS key and confirm it is back in the Enabled state.

ARAZZO

Amazon KMS Envelope Encrypt and Decrypt

Generate a data key, then round-trip ciphertext through encrypt and decrypt.

ARAZZO

Amazon KMS List and Describe Keys

List the KMS keys in the account and describe the first one in detail.

ARAZZO

Amazon KMS Provision Key and Encrypt

Create a KMS key, enable it, and immediately encrypt a payload with it.

ARAZZO

Amazon KMS Sign and Verify

Sign a message with an asymmetric KMS key, then verify the signature.

ARAZZO

Pricing Plans

Amazon Kms Plans Pricing

3 plans

PLANS

Rate Limits

Amazon Kms Rate Limits

5 limits

RATE LIMITS

FinOps

Features

Centralized Key Management

Create, import, rotate, disable, delete, and audit usage of cryptographic keys from a central location.

Hardware Security Modules

Keys are protected by FIPS 140-2 validated hardware security modules (HSMs).

Automatic Key Rotation

Enable automatic annual rotation of KMS keys without changing key ARNs.

Multi-Region Keys

Create multi-Region keys that can be replicated into multiple AWS Regions.

Asymmetric Key Support

Generate and use asymmetric RSA and ECC key pairs for encryption and signing.

CloudTrail Integration

Every KMS API call is logged to AWS CloudTrail for auditing and compliance.

Use Cases

Data at Rest Encryption

Encrypt data stored in S3, RDS, EBS, and other AWS services using KMS keys.

Envelope Encryption

Use KMS to generate data encryption keys for envelope encryption patterns.

Digital Signatures

Use asymmetric KMS keys to sign and verify digital signatures.

BYOK (Bring Your Own Key)

Import your own cryptographic key material into AWS KMS for compliance requirements.

Semantic Vocabularies

Amazon Kms Context

1 classes · 7 properties

JSON-LD

API Governance Rules

Amazon KMS API Rules

16 rules · 9 errors 7 warnings

SPECTRAL

JSON Structure

Amazon Kms Key Structure

10 properties

JSON STRUCTURE

Example Payloads

Amazon Kms Key Example

10 fields

EXAMPLE

Resources

🔗
PostmanWorkspace
PostmanWorkspace
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
📰
Blog
Blog
💬
Support
Support
🌐
Console
Console
🔗
CLI
CLI
📦
SDKs
SDKs
🟢
StatusPage
StatusPage
🔗
Compliance
Compliance
📜
TermsOfService
TermsOfService
🌐
Portal
Portal
🔗
Documentation
Documentation
💰
Pricing
Pricing
🚀
GettingStarted
GettingStarted
💬
FAQ
FAQ
📜
PrivacyPolicy
PrivacyPolicy
📝
Signup
Signup
👥
GitHubOrganization
GitHubOrganization
🔗
SpectralRules
SpectralRules
🔗
Vocabulary
Vocabulary

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Amazon KMS API
  version: '2024-01-01'
request:
  auth:
    type: apikey
    key: Authorization
    value: '{{Authorization}}'
    placement: header
items:
- info:
    name: Keys
    type: folder
  items:
  - info:
      name: Amazon KMS List Keys
      type: http
    http:
      method: GET
      url: https://kms.us-east-1.amazonaws.com/keys
    docs: Gets a list of all KMS keys in the caller's AWS account and Region.
  - info:
      name: Amazon KMS Create Key
      type: http
    http:
      method: POST
      url: https://kms.us-east-1.amazonaws.com/keys
    docs: Creates a unique customer managed KMS key in your AWS account and Region.
  - info:
      name: Amazon KMS Describe Key
      type: http
    http:
      method: GET
      url: https://kms.us-east-1.amazonaws.com/keys/:KeyId
      params:
      - name: KeyId
        value: ''
        type: path
        description: Identifies the KMS key to describe.
    docs: Provides detailed information about a KMS key.
  - info:
      name: Amazon KMS Enable Key
      type: http
    http:
      method: POST
      url: https://kms.us-east-1.amazonaws.com/keys/:KeyId/enable
      params:
      - name: KeyId
        value: ''
        type: path
        description: Identifies the KMS key.
    docs: Sets the key state of a KMS key to enabled.
  - info:
      name: Amazon KMS Disable Key
      type: http
    http:
      method: POST
      url: https://kms.us-east-1.amazonaws.com/keys/:KeyId/disable
      params:
      - name: KeyId
        value: ''
        type: path
        description: Identifies the KMS key.
    docs: Sets the state of a KMS key to disabled.
  - info:
      name: Amazon KMS Schedule Key Deletion
      type: http
    http:
      method: POST
      url: https://kms.us-east-1.amazonaws.com/keys/:KeyId/deletion
      params:
      - name: KeyId
        value: ''
        type: path
        description: Identifies the KMS key.
    docs: Schedules the deletion of a KMS key.
- info:
    name: Cryptographic Operations
    type: folder
  items:
  - info:
      name: Amazon KMS Encrypt
      type: http
    http:
      method: POST
      url: https://kms.us-east-1.amazonaws.com/keys/:KeyId/encrypt
      params:
      - name: KeyId
        value: ''
        type: path
        description: Identifies the KMS key.
    docs: Encrypts plaintext of up to 4,096 bytes using a KMS key.
  - info:
      name: Amazon KMS Decrypt
      type: http
    http:
      method: POST
      url: https://kms.us-east-1.amazonaws.com/decrypt
    docs: Decrypts ciphertext that was encrypted by a KMS key.
  - info:
      name: Amazon KMS Generate Data Key
      type: http
    http:
      method: POST
      url: https://kms.us-east-1.amazonaws.com/keys/:KeyId/data-key
      params:
      - name: KeyId
        value: ''
        type: path
        description: Identifies the KMS key.
    docs: Returns a unique symmetric data key for use outside of KMS.
  - info:
      name: Amazon KMS Sign
      type: http
    http:
      method: POST
      url: https://kms.us-east-1.amazonaws.com/keys/:KeyId/sign
      params:
      - name: KeyId
        value: ''
        type: path
        description: Identifies the KMS key.
    docs: Creates a digital signature for a message or message digest using an asymmetric KMS key.
  - info:
      name: Amazon KMS Verify
      type: http
    http:
      method: POST
      url: https://kms.us-east-1.amazonaws.com/keys/:KeyId/verify
      params:
      - name: KeyId
        value: ''
        type: path
        description: Identifies the KMS key.
    docs: Verifies a digital signature that was generated by the Sign operation.
bundled: true