AWS Key Management Service
Amazon's managed key management service, wired deeply enough into the rest of AWS that most other services — S3, EBS, RDS — can encrypt data using keys it creates, rotates, and audits automatically. Customer keys can be moved to dedicated single-tenant hardware through the paired AWS CloudHSM service for the strictest isolation requirements.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaS
- Organization size
- SMBMid-marketEnterprise
- Pricing tier
- Freemium
Capability checklist
KMSHow AWS Key Management Service measures up against the full Encryption & Key Management taxonomy.
- Centralized key lifecycle management — supported
- Creates, distributes, rotates, and retires encryption keys from one system.
- HSM-backed key storage — supported
- Stores the most sensitive keys in dedicated hardware security modules.
- Encryption enforcement — not supported
- Ensures data at rest and in transit is actually encrypted, not just capable of it.
- Automated key rotation — supported
- Rotates keys on a schedule without requiring manual intervention.
- BYOK / HYOK cloud support — supported
- Lets customers bring or hold their own keys for data stored in cloud provider services.
- Access audit logging — supported
- Logs every use of a key for security review and compliance evidence.
Alternatives
Other Encryption & Key Management tools with overlapping capabilities, sized for similar teams.
Appears in stacks
Real-world stacks that include AWS Key Management Service.