Viewing HMAC KMS keys - AWS Key Management Service

Viewing HMAC KMS keys

You can view HMAC KMS keys in the AWS KMS console or by using the DescribeKey API. You can monitor the use of your HMAC KMS keys in AWS CloudTrail logs and in Amazon CloudWatch. For basic instructions on viewing KMS keys, see Viewing keys.

You can distinguish HMAC KMS keys from other types of KMS keys by their key spec, which begins with HMAC, or their key usage, which is always Generate and verify MAC (GENERATE_VERIFY_MAC).

HMAC KMS keys are included in the table on the Customer managed keys page of the AWS KMS console. However, you cannot sort or filter KMS keys by key spec or key usage. To make it easier to find your HMAC keys, assign them a distinctive alias or tag. Then you can sort or filter by the alias or tag.

On the key details page for a HMAC KMS key, you can find its configuration details on the Cryptographic configuration tab.