|
|
|
|
|
|
by cj
1278 days ago
|
|
|
Something is better than nothing, though. Just because something isn't 100% perfect in every scenario doesn't mean it shouldn't be done at all. But I agree with your point, if you're really worried about data to the point where you don't trust AWS with encryption keys, you should self-manage your keys and manually encrypt/decrypt data without AWS KMS. |
|
|