Amazon KMS
AWS Key Management Service (KMS) is a managed service that makes it easy to create and control the cryptographic keys used to protect your data, integrated with other AWS services to simplify encryption of data stored and managed in those services.
APIs
Amazon KMS API
The AWS Key Management Service API provides programmatic access to create and manage cryptographic keys, encrypt and decrypt data, generate data keys, and manage key policies an...
Capabilities
Amazon KMS Workflow
Unified workflow capability for Amazon KMS combining resource management and operations.
Run with NaftikoFeatures
Create, import, rotate, disable, delete, and audit usage of cryptographic keys from a central location.
Keys are protected by FIPS 140-2 validated hardware security modules (HSMs).
Enable automatic annual rotation of KMS keys without changing key ARNs.
Create multi-Region keys that can be replicated into multiple AWS Regions.
Generate and use asymmetric RSA and ECC key pairs for encryption and signing.
Every KMS API call is logged to AWS CloudTrail for auditing and compliance.
Use Cases
Encrypt data stored in S3, RDS, EBS, and other AWS services using KMS keys.
Use KMS to generate data encryption keys for envelope encryption patterns.
Use asymmetric KMS keys to sign and verify digital signatures.
Import your own cryptographic key material into AWS KMS for compliance requirements.
Integrations
Encrypt S3 objects at rest using SSE-KMS with customer managed keys.
Encrypt RDS database instances and automated backups with KMS keys.
All KMS API usage is automatically logged for audit and compliance.
Encrypt secrets stored in Secrets Manager with KMS keys.
Encrypt Lambda environment variables with KMS customer managed keys.