Certified Security - Specialty

Sign Up Free or Log In to participate!

Transferring AWS Cloud HSM keys into KMS securely

Having seen the blog How to BYOK (bring your own key) to AWS KMS for less than$15.00 a year using AWS CloudHSM I wanted to check whether doing this would be considered secure enough when transferring the keys to KMS rather than leaving them in the AWS Cloud HSM custom key store.  Is using the wrapper and token sufficient?    CHSM is FIP140-2 level 3 and KMS is FIPS140-2 level 2.

Does anyone have any views on the pro and cons of the method in this blog?


0 Answers

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?