
AWS - Bring Your Own Key

AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the cryptographic keys that are used to protect your data across your applications and more than 100 AWS services. Use AWS KMS to encrypt data across your AWS workloads, digitally sign data, encrypt within your applications using AWS Encryption SDK, and generate and verify message authentication codes (MACs). AWS KMS uses hardware security modules (HSMs) to protect and validate your AWS KMS keys.

AWS KMS Bring Your Own Key (BYOK) allows more control over the creation, lifecycle, security and durability of your keys. This document describes how to easily integrate Securosys CloudHSM (HSM as a Service) or an on-premises Primus HSM cluster with AWS KMS BYOK, so that you gain the advantages of secure key generation and storage on the HSM and can comply with regulatory requirements.

For more information, visit the AWS - Bring Your Own Key page.