Key Management Service (KMS)
Are you interested in KMS or do you have any questions regarding KMS? I will be happy to answer your questions in a free consultation!
T-Systems International GmbH
Tino Fehnle
Key Management Service (KMS)
Data is the core asset of every enterprise, each of which has its sensitive data which needs to be encrypted and protected from a breach. The Key Management Service (KMS) of the Open Telekom Cloud is a secure, reliable, and easy-to-use cloud service that helps users create, manage, and protect keys in a centralized manner.
During implementation, the KMS uses hardware security modules (HSMs) for the professional management of key security. HSMs serve to handle encryption and decryption processes, while a dedicated API is used to access the service. The Open Telekom Cloud allows users a variety of functions, including the ability to deploy their own keys ("bring your own key", BYOK), or "grant customer master key", which allows owners of tenants to issue temporary permissions for access to encrypted data.
The KMS generates and stores public keys for accessing data in the Open Telekom Cloud and makes them available to the respective user. It combines the essential security requirements placed on a cloud with usability, as users can manage their keys directly via the console.
Secure access to your data and integration with other Open Telekom Cloud services is ensured. Cloud Trace (CTS) logs operations on keys and thereby helps fulfil audit and compliance requirements.
The KMS stores customer master keys (CMKs) redundantly online, physically backs up root keys in multiple copies offline, and performs regular backups to ensure key persistence.
KMS provides central management and control capabilities of keys for storage services (e.g. for Object Storage Service (OBS)), platform services (e.g. for Relational Database Service (RDS)), and user applications. It is perfectly suited for data encryption and decryption scenarios.