Amazon Key Management Service (KMS)

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

Amazon resources:

Introduction

Developer Guide: Overview


Using the KMS plugin on Linx

(Selected examples of KMS functions)


Create a Customer Master Key (CMK)

Steps:

  1. From the Amazon KMS plugin, add the CreateKey function to your process

  2. Enter the details of the Properties associated with the CreateKey function:

    a. AWS Credentials of the user performing the function

    b. Alias – name of the key being created

    c. Description – A suitable description of the key


Generate a Data Key

Steps:

  1. From the Amazon KMS plugin, add the GenerateDataKey function to your process

  2. Enter the details of the Properties associated with the GenerateDataKey function:

    a. AWS Credentials of the user performing the function

    b. Key ID – The identifier of the key under which to generate and encrypt the data encryption key. Specify the key ID, the key ARN, the alias name or the alias ARN. When using an alias name, prefix it with "alias/".


Encrypt data

Steps:

  1. From the Amazon KMS plugin, add the Encrypt function to your process

  2. Enter the details of the Properties associated with the Encrypt function:

    a. AWS Credentials of the user performing the function

    b. Key ID – The identifier of the key (CMK) that is being used to encrypt your data

    c. Plain text – text to be encrypted


Decrypt data

Steps:

  1. From the Amazon KMS plugin, add the Decrypt function to your process

  2. Enter the details of the Properties associated with the Decrypt function:

    a. AWS Credentials of the user performing the function

    b. Cipher text blob – The cipher text to be decrypted
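The four procedures above (create a CMK, generate a data key, encrypt, decrypt) fit together as envelope encryption: Encrypt is limited to 4 KB of plaintext, so larger payloads are encrypted locally with a data key from GenerateDataKey, and only the encrypted copy of that data key is stored next to the ciphertext. Decrypt takes nothing but the cipher text blob because the key identifier is carried inside the blob. The program below is an added example, not part of this page or of the Linx plugin, and it uses a constructed in-memory stand-in (FakeKMS) for the KMS service so it runs offline; the alias "linx-demo", the blob layout and the function names CreateKey, GenerateDataKey, Encrypt and Decrypt on the fake are assumptions that mirror the AWS API names rather than any real client library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// maxDirectEncrypt mirrors the 4 KB plaintext limit of the KMS Encrypt API;
// larger payloads are meant for envelope encryption with GenerateDataKey.
const maxDirectEncrypt = 4096

// gcmSeal encrypts with AES-256-GCM and returns nonce || ciphertext || tag.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen reverses gcmSeal; the GCM tag rejects any change to data or AAD.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// FakeKMS is a constructed stand-in for the service. Unlike real KMS it holds
// CMK material in process; it exists only so the flow can be exercised offline.
type FakeKMS struct{ keys map[string][]byte }

func NewFakeKMS() *FakeKMS { return &FakeKMS{keys: map[string][]byte{}} }

// CreateKey: key material is generated inside the service and never leaves it;
// the caller only receives an identifier (here the alias).
func (k *FakeKMS) CreateKey(alias string) (string, error) {
	master := make([]byte, 32)
	if _, err := rand.Read(master); err != nil {
		return "", err
	}
	keyID := "alias/" + alias
	k.keys[keyID] = master
	return keyID, nil
}

// wrap seals data under the CMK with the key ID as AAD and prefixes the key ID
// (1 length byte + id) so Decrypt can locate the CMK from the blob alone.
func (k *FakeKMS) wrap(keyID string, plaintext []byte) ([]byte, error) {
	master, ok := k.keys[keyID]
	if !ok {
		return nil, fmt.Errorf("NotFoundException: %s", keyID)
	}
	sealed, err := gcmSeal(master, plaintext, []byte(keyID))
	if err != nil {
		return nil, err
	}
	return append(append([]byte{byte(len(keyID))}, keyID...), sealed...), nil
}

// Encrypt models the Encrypt function, including its plaintext size limit.
func (k *FakeKMS) Encrypt(keyID string, plaintext []byte) ([]byte, error) {
	if len(plaintext) > maxDirectEncrypt {
		return nil, fmt.Errorf("%d bytes exceeds the %d-byte Encrypt limit; use GenerateDataKey", len(plaintext), maxDirectEncrypt)
	}
	return k.wrap(keyID, plaintext)
}

// GenerateDataKey returns a fresh 256-bit data key twice: in plaintext for
// immediate local use and wrapped under the CMK for storage.
func (k *FakeKMS) GenerateDataKey(keyID string) ([]byte, []byte, error) {
	plaintextKey := make([]byte, 32)
	if _, err := rand.Read(plaintextKey); err != nil {
		return nil, nil, err
	}
	encryptedKey, err := k.wrap(keyID, plaintextKey)
	return plaintextKey, encryptedKey, err
}

// Decrypt models the Decrypt function: only the blob is supplied.
func (k *FakeKMS) Decrypt(blob []byte) ([]byte, error) {
	if len(blob) < 1 || len(blob) < 1+int(blob[0]) {
		return nil, errors.New("InvalidCiphertextException")
	}
	keyID := string(blob[1 : 1+int(blob[0])])
	master, ok := k.keys[keyID]
	if !ok {
		return nil, fmt.Errorf("NotFoundException: %s", keyID)
	}
	return gcmOpen(master, blob[1+int(blob[0]):], []byte(keyID))
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// EnvelopeEncrypt: encrypt locally with the data key, keep only the wrapped
// key beside the ciphertext and wipe the plaintext key afterwards.
func EnvelopeEncrypt(k *FakeKMS, keyID string, payload []byte) ([]byte, []byte, error) {
	plaintextKey, encryptedKey, err := k.GenerateDataKey(keyID)
	if err != nil {
		return nil, nil, err
	}
	defer zero(plaintextKey)
	ciphertext, err := gcmSeal(plaintextKey, payload, nil)
	return encryptedKey, ciphertext, err
}

// EnvelopeDecrypt asks KMS for the data key back, then decrypts locally.
func EnvelopeDecrypt(k *FakeKMS, encryptedKey, ciphertext []byte) ([]byte, error) {
	plaintextKey, err := k.Decrypt(encryptedKey)
	if err != nil {
		return nil, err
	}
	defer zero(plaintextKey)
	return gcmOpen(plaintextKey, ciphertext, nil)
}

func main() {
	kms := NewFakeKMS()
	keyID, _ := kms.CreateKey("linx-demo") // constructed alias
	payload := make([]byte, 100000)        // too large for Encrypt
	if _, err := kms.Encrypt(keyID, payload); err != nil {
		fmt.Println("Encrypt refused:", err)
	}
	ek, ct, _ := EnvelopeEncrypt(kms, keyID, payload)
	back, err := EnvelopeDecrypt(kms, ek, ct)
	fmt.Println("envelope roundtrip ok:", err == nil && len(back) == len(payload))
}
```

The fake's Decrypt carries the key ID inside the blob and binds it as AEAD associated data, which is why the Decrypt procedure above needs only the Cipher text blob and why a blob cannot be quietly re-pointed at another key; the plaintext data key is zeroed as soon as the local AES-GCM operation finishes, since that key, not the CMK, is what an attacker would need to read the stored ciphertext.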