Create a customer-managed key in AWS KMS
Perform the following steps to create a customer-managed key in AWS KMS. The KMS key you create has no key material because the {{ch}} is ultimately the source of the key material.

1. Log in to the AWS Management Console.
2. Go to the Key Management Service.
3. Go to Customer managed keys on the left-side menu, and select the orange [Create key] button in the upper-right corner of the page.
4. Configure the key by selecting the following choices:

   | Option | Required configuration |
   | --- | --- |
   | Key type | Symmetric |
   | Key material origin | External. The KMS option also works, but it generates a key, so {{ch}} does not have the key material for this initial key. The External option creates a placeholder key without key material, enabling KMS to provide key material in later steps. |
   | Regionality | Single-Region key |

5. Select [Next] to continue.
6. Add the following labels:

   | Option | Required configuration |
   | --- | --- |
   | Alias | Choose a nickname |
   | Description | Optional |
   | Tags | Optional |

7. Select [Next] to continue.
8. Define the following key administrative permissions:

   | Option | Required configuration |
   | --- | --- |
   | Key administrators | Select your user account |
   | Key deletion | Select the "Allow key administrators to delete this key" checkbox |

9. Select [Next] to continue.
10. Define the following key usage permissions:

    | Option | Required configuration |
    | --- | --- |
    | This account | Select your user account |
    | Other AWS accounts | Optional |

11. Select [Next] to continue.
12. Review your configuration. Ensure the top three fields (Key configuration, Alias and description, and Tags) are correct.
13. Copy and paste the contents of Key policy into a file and save it with the .json extension. You must copy this file or move it to the system you use to manage your {{ch}} device.
14. Select [Finish].
15. When prompted to download a wrapping key and import token, select [Cancel] to skip that step.
16. On the main Key Management Service (KMS) page, make a copy of the generated key ID (formatted as xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx). The AWS properties tab requires this ID (and the policy) when creating an HSM-protected key group on the {{ch}} in the next section.
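
Before moving the key ID and policy file to the system that manages the {{ch}}, it helps to confirm they match the configuration chosen in the procedure. The following is an added example, not part of the original procedure or any vendor tooling: it assumes you saved the output of `aws kms describe-key --key-id <key-id>` as JSON, and the function name `check_key` and all sample values are constructed for illustration.

```python
import json
import re

# Key ID shape given in the procedure: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
KEY_ID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
# Required configuration from the procedure, as DescribeKey reports it.
REQUIRED = {"KeySpec": "SYMMETRIC_DEFAULT", "Origin": "EXTERNAL",
            "MultiRegion": False, "KeyManager": "CUSTOMER"}


def check_key(describe_key_json, policy_json, key_id):
    """Return a list of problems; an empty list means the artifacts are consistent."""
    problems = []
    if not KEY_ID_RE.match(key_id):
        problems.append("key ID is not in the 8-4-4-4-12 hex format")
    meta = json.loads(describe_key_json)["KeyMetadata"]
    if meta.get("KeyId") != key_id:
        problems.append("copied key ID does not match the described key")
    for field, want in REQUIRED.items():
        if meta.get(field) != want:
            problems.append(f"{field} is {meta.get(field)!r}, expected {want!r}")
    try:
        policy = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return problems + [f"key policy file is not valid JSON: {exc.msg}"]
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    if not statements:
        problems.append("key policy has no Statement entries")
    for stmt in statements:
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if stmt.get("Effect") == "Allow" and wildcard and "Condition" not in stmt:
            problems.append(f"statement {stmt.get('Sid', '?')!r} allows any principal")
    return problems


# Constructed sample data (account ID, key ID and user name are placeholders).
SAMPLE_KEY_ID = "1234abcd-12ab-34cd-56ef-1234567890ab"
SAMPLE_DESCRIBE = json.dumps({"KeyMetadata": {
    "KeyId": SAMPLE_KEY_ID, "KeySpec": "SYMMETRIC_DEFAULT", "Origin": "EXTERNAL",
    "MultiRegion": False, "KeyManager": "CUSTOMER", "KeyState": "PendingImport"}})
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Allow access for Key Administrators", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/example-admin"},
     "Action": ["kms:Describe*", "kms:ImportKeyMaterial"], "Resource": "*"}]})
if __name__ == "__main__":
    print(check_key(SAMPLE_DESCRIBE, SAMPLE_POLICY, SAMPLE_KEY_ID) or "OK")
```

An `Origin` other than `EXTERNAL` means the key was created with KMS-generated material, which is the case the procedure warns about.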