Encrypting AWS S3 Bucket

The XKS proxy serves as a controllable kill switch. If you deactivate the XKS proxy, any ongoing encrypt and decrypt operations that use XKS keys come to a halt. AWS services that have already loaded a data key into memory for one of your resources continue to function until you either deactivate the resource or the service key cache expires. For example, Amazon S3 retains cached data keys for a brief duration when bucket keys are enabled.

For more, see "Configuring your bucket to use an S3 Bucket Key with SSE-KMS for new objects".
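
The following is an added example, not code from the original page: a Python check over saved S3 GetBucketEncryption and KMS DescribeKey output that flags buckets whose default key is an XKS key with Bucket Key enabled, the case described above where cached data keys keep working for a short time after the proxy is deactivated. The function names, status labels and ARNs are constructed for illustration, and the key metadata map is assumed to be keyed by the same string the bucket rule uses.

```python
# Added example. Inputs mirror the S3 GetBucketEncryption and KMS DescribeKey
# response shapes; every ARN and value below is a constructed sample.

def kill_switch_exposure(bucket_encryption, key_metadata):
    """Classify each default-encryption rule by how the XKS kill switch affects it."""
    findings = []
    config = bucket_encryption.get("ServerSideEncryptionConfiguration", {})
    for rule in config.get("Rules", []):
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        key_id = default.get("KMSMasterKeyID")
        meta = key_metadata.get(key_id, {})
        if default.get("SSEAlgorithm") != "aws:kms" or key_id is None:
            status = "no-customer-kms-key"      # SSE-S3 or the AWS managed key
        elif not meta:
            status = "key-metadata-missing"     # run DescribeKey for this key first
        elif meta.get("Origin") != "EXTERNAL_KEY_STORE":
            status = "kms-key-not-xks"          # proxy shutdown does not affect it
        elif rule.get("BucketKeyEnabled", False):
            status = "xks-bucket-key-enabled"   # cached keys outlive the shutdown briefly
        else:
            status = "xks-bucket-key-disabled"
        findings.append({"key": key_id, "status": status})
    return findings

XKS_ARN = "arn:aws:kms:us-east-1:111122223333:key/constructed-xks-key"
KMS_ARN = "arn:aws:kms:us-east-1:111122223333:key/constructed-kms-key"

SAMPLE_KEYS = {
    XKS_ARN: {"Origin": "EXTERNAL_KEY_STORE", "KeyState": "Enabled"},
    KMS_ARN: {"Origin": "AWS_KMS", "KeyState": "Enabled"},
}

def sample_bucket(algorithm, key_id=None, bucket_key=False):
    """Build a constructed GetBucketEncryption-style response with one rule."""
    default = {"SSEAlgorithm": algorithm}
    if key_id:
        default["KMSMasterKeyID"] = key_id
    rule = {"ApplyServerSideEncryptionByDefault": default, "BucketKeyEnabled": bucket_key}
    return {"ServerSideEncryptionConfiguration": {"Rules": [rule]}}

if __name__ == "__main__":
    for bucket in (sample_bucket("aws:kms", XKS_ARN, True),
                   sample_bucket("aws:kms", KMS_ARN, True),
                   sample_bucket("AES256")):
        print(kill_switch_exposure(bucket, SAMPLE_KEYS))
```

Buckets reported as `xks-bucket-key-enabled` are the ones to account for in a shutdown runbook, since the kill switch only takes full effect for them once the cached keys expire.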