KMS (Key Management Service)

A managed service that makes it easy for you to create and control the cryptographic keys used to encrypt your data.

Get started

What is Key Management Service (KMS) in cloud computing?

Key Management Service (KMS) is a cloud service that helps you manage cryptographic keys for your cloud services. It's used to create, control, and rotate the encryption keys used to secure data.

  • KMS is integrated with other cloud services, making it easier to encrypt data and manage keys.
  • It provides an audit trail so you can see who used which keys, on which resources, and when.

How does Key Management Service (KMS) work?

KMS works by providing a centralized control point to manage cryptographic keys. When a user or service needs to encrypt or decrypt data, they make a request to KMS, which performs the operation and logs the access.

  • KMS can automatically handle key rotation, reducing the risk of a key being compromised.
  • It enforces access controls to ensure that only authorized users can use a key.

Key Management Service (KMS) Example

A company might use KMS to manage the encryption keys for their customer database. When a customer's data is saved, the application makes a request to KMS to encrypt the data.

  • KMS encrypts the data and returns it to the application, which then stores the encrypted data in the database.
  • When the data needs to be read, the application requests KMS to decrypt it.

Check out related terms