“Other than the excellent GenerateRandom API call (which you should check out for seeding your PRNGs), KMS is composed of a set of API operations for creating, managing, and using a relatively small set of encryption keys, called Customer Master Keys (here, "master keys"). There are a bunch of operations for managing grants and policy around who can use which keys for what operations, but the fundamental operations in KMS are CreateKey, Encrypt, and Decrypt. CreateKey will generate a key in the KMS service that will never leave the KMS service. Once you create a key in KMS, you can disable it, you can set permissions on who can use it, you can alias it, but you cannot export it. In order to use the keys for cryptography, you use the Encrypt and Decrypt API calls. This is the core security value proposition in KMS: no one can run off with the keys.”
Tagged: Ops, Secrets, Security

Explore more quotes:

About the author

This page was created by our editorial team. Each page is manually curated, researched, collected, and issued by our staff writers. Quotes contained on this page have been double checked for their citations, their accuracy and the impact it will have on our readers.

Kelly Peacock is an accomplished poet and social media expert based in Brooklyn, New York. Kelly has a Bachelor's degree in creative writing from Farieligh Dickinson University and has contributed to many literary and cultural publications. Kelly assists on a wide variety of quote inputting and social media functions for Quote Catalog. Visit her personal website here.

Kendra Syrdal is a writer, editor, partner, and senior publisher for The Thought & Expression Company. Over the last few years she has been personally responsible for writing, editing, and producing over 30+ million pageviews on Thought Catalog.