SEC08-BP01 Implement secure key management
By defining an encryption approach that includes the storage,
rotation, and access control of keys, you can help provide
protection for your content against unauthorized users and against
unnecessary exposure to authorized users. AWS Key Management Service (AWS KMS) helps you manage
encryption keys
and integrates
with many AWS services
Level of risk exposed if this best practice is not established: High
Implementation guidance
-
Implement AWS KMS: AWS KMS makes it easy for you to create and manage keys and control the use of encryption across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses FIPS 140-2 validated hardware security modules to protect your keys.
-
Consider AWS Encryption SDK: Use the AWS Encryption SDK with AWS KMS integration when your application needs to encrypt data client-side.
Resources
Related documents:
Related videos: