
Getting started with BYOK for AWS

This quickstart guide provides an overview of using the Bring Your Own Key (BYOK) process for AWS Key Management Service (KMS).

Installation

  1. Configure the necessary settings on the HSM. For CloudHSM, this is managed for you by Securosys.
  2. Install the Primus Tools.

Bring your key to AWS

  1. Create an AWS KMS key with no key material.
  2. Download the public key and import token.
  3. Create a key on the Securosys CloudHSM or Primus HSM to be used for BYOK.
  4. Export and wrap the key with the public key downloaded from AWS.
  5. Import the key into AWS KMS.

AWS KMS is now ready to use the secret key that was generated on the Securosys HSM.
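The AWS side of steps 1, 2 and 5 can be scripted with the AWS CLI. The following is an added example, not taken from the Securosys documentation: the function names, file names, wrapping algorithm and expiration model are assumptions, and steps 3 and 4 remain on the HSM with the Primus Tools.

```shell
# AWS-side commands for steps 1, 2 and 5. Steps 3 and 4 are done on the HSM
# with the Primus Tools and are not shown here.
# Assumptions: AWS CLI with credentials configured, an RSA_2048 wrapping key,
# and the function and file names below, which are chosen for this example.
WRAP_ALG="RSAES_OAEP_SHA_256"  # the HSM must wrap with this same algorithm
WRAP_SPEC="RSA_2048"
WRAPPED_LEN=256                # an RSA-2048 ciphertext is always 256 bytes

# Step 1: create a KMS key with no key material (origin EXTERNAL).
create_external_key() {
  aws kms create-key --origin EXTERNAL \
    --query KeyMetadata.KeyId --output text
}

# Step 2: fetch the public key and import token in ONE call. They must be
# used as a pair from the same response.
download_import_params() {  # $1 = key id, $2 = output directory
  out=$(aws kms get-parameters-for-import --key-id "$1" \
    --wrapping-algorithm "$WRAP_ALG" --wrapping-key-spec "$WRAP_SPEC" \
    --query '[PublicKey,ImportToken]' --output text) || return 1
  printf '%s\n' "$out" | cut -f1 | base64 -d > "$2/wrapping_key.der" || return 1
  printf '%s\n' "$out" | cut -f2 | base64 -d > "$2/import_token.bin"
}

# Check on the output of step 4: a blob of the wrong size was not wrapped
# with the downloaded RSA-2048 key and would be rejected by KMS.
check_wrapped_key() {  # $1 = wrapped key file exported from the HSM
  size=$(wc -c < "$1" | tr -d ' ')
  if [ "$size" -ne "$WRAPPED_LEN" ]; then
    echo "wrapped key is $size bytes, expected $WRAPPED_LEN" >&2
    return 1
  fi
}

# Step 5: import the wrapped key. The expiration model is this example's
# choice; use KEY_MATERIAL_EXPIRES with --valid-to if the key should expire.
import_wrapped_key() {  # $1 = key id, $2 = wrapped key file, $3 = import token file
  check_wrapped_key "$2" || return 1
  aws kms import-key-material --key-id "$1" \
    --encrypted-key-material "fileb://$2" --import-token "fileb://$3" \
    --expiration-model KEY_MATERIAL_DOES_NOT_EXPIRE
}
```

Call `create_external_key`, then `download_import_params`, wrap on the HSM, and finish with `import_wrapped_key`. The import token is valid for 24 hours, so complete the wrap and import within that window.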