AWS Key Management Service
Developer Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Managing CMKs in a Custom Key Store

You can create, view, manage, use, and schedule deletion of the customer master keys (CMKs) in a custom key store. The procedures that you use are very similar to those that you use for CMKs in AWS KMS. The only difference is that you specify a custom key store when you create the CMK. Then, AWS KMS creates non-extractable key material for the CMK in the AWS CloudHSM cluster that is associated with the custom key store. When you use a CMK in a custom key store, the cryptographic operations are performed in the HSMs in the cluster.

In addition to the procedures discussed in this section, you can do the following with CMKs in a custom key store:

However, you cannot import key material into a CMK in a custom key store.