Questions tagged [amazon-kms]

AWS Key Management Service (KMS) is an encryption and key management service scaled for the cloud. KMS keys and functionality are used by other AWS services, and you can use them to protect data in your own applications that use AWS.

704 questions
3 votes, 1 answer

AWS owned CMKs vs AWS managed CMKs

Question # 0: AWS console displays AWS managed keys and Customer Managed Keys; it doesn't display AWS owned CMKs as an item in the list. As per documentation, customers cannot view or manage AWS-owned CMKs. However, under AWS managed keys, I see…
bp4D • 915 • 12 • 20
3 votes, 1 answer

AWS KMS signature returns Invalid Signature for my JWT

I am trying to generate a simple JWT, using ES256 using KMS. Everything looks fine to the naked eye. But I get "Invalid signature" when I test it through jwt.io. The code is quite simple: public async Task GenerateJwt(object payload) { …
3 votes, 2 answers

Convert AWS KMS Public Key (from bytes) to a .pem file

I am using AWS KMS (Key Management Service) programmatically using Python3 and Boto3. I have created an asymmetric key pair (public and private) in the KMS itself. Now is there a way to save public and private file locally onto the disk that is…
Aniket Maithani • 845 • 1 • 10 • 24
3 votes, 1 answer

putClassificationExportConfiguration error with Amazon Macie creating a bucket for discoveries retention

We just started using Amazon Macie and we're having an issue when creating the bucket to keep findings for longer than 90 days. The error we get is: putClassificationExportConfiguration: The operation can't be performed because you're not authorized…
3 votes, 2 answers

AWS: Is it possible to retrieve the content of key that stored in KMS?

If the answer is no, how to deal with the data encryption when migrating your data from aws cloud to another cloud someday? e.g. S3 object that has been encrypted by SSE-S3
Ryan Lyu • 4,180 • 5 • 35 • 51
3 votes, 1 answer

Public Key of ECC P256K1 in AWS-KMS is 88 bytes?

I am using AWS KMS with ECC_SECG_P256K1 key. When I retrieve the public key via aws-sdk the key is 88 bytes, which is supposed to be 64 bytes (as shown in the code). Even more, the size of the signature is varying between 70, 71, 72, which means we can't…
3 votes, 0 answers

Hashicorp vault auto unseal KMS security

I have not found comprehensive documentation on the protocol used to (auto-)unseal HashiCorp's Vault using a Cloud KMS. To my understanding Vault uses stored API Credentials to query the Cloud KMS and (somewhat unclear part) gets access to the master…
xuma202 • 1,074 • 1 • 10 • 22
3 votes, 0 answers

TypeError : "errorMessage": "argument should be a bytes-like object or ASCII string, not 'Binary'",

I tried another program to validate the saved list of username and encrypted password from the above table and username and allowed resources in a different table. This program needs to be integrated with API request, however I have changed to send…
Chandan • 89 • 1 • 8
3 votes, 2 answers

How to do AWS S3 SSE KMS key rotation?

Scenario - I created - 1. One S3 Bucket 2. Two KMS Keys 3. Enabled Default encryption on the S3 bucket, using KMS key #1 4. Uploaded a file in the bucket 5. Check the object details, it showed the Server-side encryption: AWS-KMS and the KMS…
Dev1ce • 5,390 • 17 • 90 • 150
3 votes, 4 answers

AWS Secrets Manager call from Lambda returning null/none

I am using an AWS Lambda function to call AWS Secrets Manager for retrieving secret values but it just returns the value None/Null. Here is my code: # Secrets Manager import boto3 import base64 from botocore.exceptions import ClientError def…
3 votes, 0 answers

AWS S3 "Access Denied" on GetObject operation (using AES-256 Server Side Encryption)

I have two AWS accounts and I'm trying to access S3 objects in Account A from Account B. The objects in question were uploaded as a result of Elasticache's copy-snapshot operation, meaning that the root user of Account A is not the true owner. I…
3 votes, 3 answers

How to encrypt data in AWS RDS with AWS KMS on the column level?

I found that AWS RDS allows encrypting DB resources with AWS KMS. Because it is done inside the AWS infrastructure the encryption key can be easily rotated automatically. It is cool, but it is only encryption-at-rest. I would additionally like to…
Piotr Pradzynski • 4,190 • 5 • 23 • 43
3 votes, 1 answer

boto3 s3 upload big file with Content MD5 verification

I have a problem uploading big files and find a usable ContentMD5 method in order to supply transfer verification. I started with client.upload_file. This method has no ContentMD5 Parameter. So I tried using a function to generate a local ETag for…
3 votes, 1 answer

How do I set a request header(x-amz-server-side-encryption : aws:kms) while saving file to S3 in Java code?

Below is the code that I have for uploading files to S3 using KMS server side encryption. However I am getting the exception "Server Side Encryption with AWS KMS managed key requires HTTP header x-amz-server-side-encryption : aws:kms"; Not sure…
user3115056 • 1,266 • 1 • 10 • 25
3 votes, 0 answers

Ignore Default AWS KMS Encryption for S3 Uploads Using Python Boto3

We recently enabled AWS KMS for all of our Amazon S3 buckets which, by default, applies server-side encryption to all files we upload to our own S3 buckets or to S3 buckets owned by someone else. Is there a way to intentionally "ignore" the default…
hamzaahmad • 133 • 2 • 7