By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Does the EBS Datakey is rotating

0

Hello, In EBS documentation, it is explained how EBS encryption works. It explains data is encrypted with a data key, which is encrypted with a KMS Key. Later in the same page, it explains AWS KMS generates new cryptographic material for the KMS key every year. I also understand the data key is stored with the volume information. Should I understand that data key is never rotating ? Thank you for your help.

Topics
Security, Identity, & ComplianceStorage
Tags
AWS Key Management ServiceAmazon Elastic Block Store
Language
English
cyrilsp
asked a year ago205 views
1 Answer
1
Accepted Answer

Thats correct, AWS does not manage or rotate the data keys. Notice you do not see the data keys inside KMS console.

AWS KMS generates, encrypts, and decrypts data keys. However, AWS KMS does not store, manage, or track your data keys, or perform cryptographic operations with data keys.

https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys

profile pictureAWS
ABitnar
answered a year ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content