
Key Rotation in the Cloud

Prof Bill Buchanan OBE FRSE


Like it or not, your encryption key is often your key to the castle and must be properly protected. While in the past we kept these keys behind firewalls, these days we often use the public cloud to store our keys.

And, so, one of the best practices for the usage of encryption keys is to implement key rotation. This is where a new key is used after a given amount of time. But, what happens to content that was encrypted under the previous key? Well, for this we need our cloud provider to manage the keys for us, so that every previously used key version is retained and can still decrypt the older content.
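To make that behaviour concrete, here is an added example (my own code, not from this article or from AWS) that models a managed key the way a KMS does: the key keeps one identity, rotation appends a new backing version, and each ciphertext records which version produced it so older data still decrypts after a rotation. The KeyRing type, the AES-GCM choice and the 4-byte version header are assumptions of this model, not the KMS wire format.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// KeyRing models a managed KMS key: Rotate appends a fresh backing key
// version and keeps every old one, so earlier ciphertext still decrypts.
type KeyRing struct{ versions []cipher.AEAD } // index = version, last = current

// Rotate generates a new 256-bit AES-GCM key and makes it the current version.
func (k *KeyRing) Rotate() error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	// NewCipher/NewGCM only reject bad sizes, impossible with a 32-byte AES key.
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	k.versions = append(k.versions, gcm)
	return nil
}

// Encrypt uses the current version and emits [4-byte version][nonce][ciphertext].
func (k *KeyRing) Encrypt(plaintext []byte) ([]byte, error) {
	if len(k.versions) == 0 {
		return nil, errors.New("no key material: call Rotate first")
	}
	gcm, hdr := k.versions[len(k.versions)-1], make([]byte, 4)
	binary.BigEndian.PutUint32(hdr, uint32(len(k.versions)-1))
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The version is authenticated as additional data, so a tampered header
	// fails to decrypt instead of silently selecting another key version.
	return gcm.Seal(append(hdr, nonce...), nonce, plaintext, hdr), nil
}

// Decrypt reads the version from the header and uses that retained key.
func (k *KeyRing) Decrypt(blob []byte) ([]byte, error) {
	if len(blob) < 16 || int(binary.BigEndian.Uint32(blob[:4])) >= len(k.versions) {
		return nil, errors.New("malformed ciphertext or unknown key version")
	}
	gcm := k.versions[binary.BigEndian.Uint32(blob[:4])]
	return gcm.Open(nil, blob[4:16], blob[16:], blob[:4]) // 12-byte GCM nonce
}
```

Rotating only adds a version; nothing encrypted under version 0 needs re-encrypting, which is exactly the property a managed KMS gives you when it keeps old key material around.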

In AWS we have KMS keys, and we can create a customer-managed key with a symmetric key using:

and then define the key alias and description:

After this, we define ownership of the key. The created key comes with a key policy of the form:

{
    "Id": "key-consolepolicy-3",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Enable IAM User Permissions",
            "Effect": "Allow",
            "Principal": {…
