What is KMS?

  • KMS contains the keys to decrypt your private data
  • Administrators at AWS don’t have access to your keys within KMS
  • All administrative actions require dual authentication by two Amazon administrators
  • It’s our responsibility to administer our own encryption keys
  • The KMS service is for encryption at rest
  • To encrypt data while in transit you would need to use a different method, such as SSL
  • With server-side encryption, backend servers encrypt the data as it arrives, transparently to the end user
  • The overhead of performing the encryption and managing the keys is handled by the server
  • Client-side encryption requires the user to interact with the data to encrypt it
  • The overhead of the encryption process is on the client
Nadtakan Futhoem — Sr. Software Engineer
