Key management

You can use AWS-managed keys or customer managed keys (CMKs) to encrypt your QuickSight datasets that are stored in SPICE. All non-customer managed keys associated with Amazon QuickSight are managed by AWS.

Database server certificates that are not managed by AWS are the responsibility of the customer and should be signed by a trusted CA. For more information, see Network and database configuration requirements.

Use the topics below to learn more about customer managed keys in QuickSight.

Topics

Using customer-managed keys from AWS KMS with SPICE datasets in the Amazon QuickSight console

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Data encryption

Encrypt SPICE datasets with CMKs