Managing keys with the KMU and CMU

If using the latest SDK version series, use CloudHSM CLI to manage the keys in your AWS CloudHSM cluster.

If using the previous SDK version series, you can manage keys on the HSMs in your AWS CloudHSM cluster using the key_mgmt_util command line tool. Before you can manage keys, you must start the AWS CloudHSM client, start key_mgmt_util, and log in to the HSMs. For more information, see Getting Started with key_mgmt_util.

Using trusted keys describes how to use PKCS #11 library attributes and CMU to create trusted keys to secure data.
Generating keys has instructions on generating keys, including symmetric keys, RSA keys, and EC keys.
Importing keys provides details on how key owners import keys.
Exporting keys provides details on how key owners export keys.
Deleting keys provides details on how key owners delete keys.
Sharing and unsharing keys details how key owners share and unshare keys.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Marking a key as trusted

Generating keys