Does the EBS Datakey is rotating

Question

Hello,
In EBS documentation, it is explained [how EBS encryption works](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html). It explains data is encrypted with a data key, which is encrypted with a KMS Key. Later in the same page, it explains AWS KMS generates new cryptographic material for the KMS key every year. I also understand the data key is stored with the volume information.
Should I understand that data key is never rotating ?
Thank you for your help.

Accepted Answer

Thats correct, AWS does not manage or rotate the data keys. Notice you do not see the data keys inside KMS console.

AWS KMS generates, encrypts, and decrypts data keys. However, AWS KMS does not store, manage, or track your data keys, or perform cryptographic operations with data keys.

https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys

Does the EBS Datakey is rotating

相关内容