|
|
|
|
|
|
by gtsteve
3161 days ago
|
|
|
In the article the author says, > Customer Controlled Keys’ ambition is to provide customers with the ability to control the generation, rotation, deprecation and audit trail of their own encryption keys on our SaaS platform. It’s something we’re very interested in at Koan, as we feel it takes a significant step towards the “holy grail” of enterprise grade, multi-tenant SaaS software. This is a nice option, but remember that the durability of customer master keys is different to the durability of those generated in KMS. In the event of a regional power outage or serious failure, you will need to re-import the key material and if you've lost it, your data is lost. I don't feel this is made obvious enough and I wanted to bring that to the attention of those interested in KMS. http://docs.aws.amazon.com/kms/latest/developerguide/importi... |
|
|