Key Management Service (KMS) - Supports Key Version Management and Automatic Key Rotation
Sep 26 2019
Target customers: all KMS users.

Cloud data security is the lifeline of every customer. Encrypting data and regularly rotating the encryption keys can greatly enhance data security.

Features released: KMS supports multiple versions of a CMK and automatic version-based key rotation.

Key version management and key rotation are the most important processes in key security practices. KMS provides built-in key version management and automatic key rotation capabilities to reduce the R&D costs of implementing security policies such as key rotation.

Periodic key rotation can achieve the following security objectives:

1. Reduce the amount of data encrypted by each key.
2. Obtain capabilities to respond to security events in advance.
3. Logically isolate data encrypted by the same CMK.
4. Reduce the time window for key cracking.
5. Meet security compliance requirements proposed by regulatory agencies and included in industry standards.

You can manually rotate CMKs or configure custom automatic rotation policies through methods such as the KMS console, CLI, and SDK. For more information, see KMS documentation.