The Key Management System (KMS) service centrally manages cryptographic keys and runs in the org admin cluster. The Application Operator (AO) creates, uses, and destroys the keys in the KMS.
Supported keys
KMS supports the following keys:

Key primitive | Key primitive (API) | Description | Default algorithm |
---|---|---|---|
AEAD | aeadkey | The authenticated encryption with associated data (AEAD) key that performs authenticated encryption using AES-256. The key's components represent the following: | AES_256_GCM |
Signing | signingkey | The signing key that provides asymmetric signing using elliptic curve support. The key's components represent the following: | EC_SIGN_P384_SHA384 |
Key features
The AO centrally manages symmetric and asymmetric cryptographic keys through the AEAD and Signing key primitives. Through the KMS Creator role, the AO can create keys.
Through the KMS Admin role, the AO can use, destroy, import, and export aeadkey and signingkey cryptographic keys.