Choosing a keyring

Your keyring determines the wrapping keys that protect your data keys, and ultimately, your data. Use the most secure wrapping keys that are practical for your task. Whenever possible use wrapping keys that are protected by a hardware security module or a key management infrastructure, such as KMS keys in AWS Key Management Service (AWS KMS) or encryption keys AWS CloudHSM.

The AWS Encryption SDK provides several keyrings and keyring configurations in multiple programming languages, and you can create your own custom keyrings. You can also create a multi-keyring that includes one or more keyrings of the same or a different type.

Topics

AWS KMS keyrings
AWS KMS Hierarchical keyrings
AWS KMS ECDH keyrings
Raw AES keyrings
Raw RSA keyrings
Raw ECDH keyrings
Multi-keyrings

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Keyring compatibility

AWS KMS keyrings