KMS Server side encryption

Before understanding server-side encryption we need to understand the difference between encryption at rest and encryption in transit.

What is Encryption at Rest?

-> Encryption at rest means encrypting your data while it is sitting in storage.

Benefits: Your data is encrypted and safe, so that even if someone hacks the cloud storage or the hard disk ends up in the wrong hands, your data is not leaked.

What is Encryption in Transit?

This is when the data is travelling from the hard disk where it is stored to the client machine that requested it.

Encryption in transit is handled using SSL/TLS certificates and tunnelling.

Encryption in AWS

In AWS, every service where you store data offers you an encryption-at-rest capability.

The service where you store data can be any of them: EBS, EFS, S3; all of these services give you the option to encrypt at rest.

Types of Encryption at rest

Encryption at rest can be handled in multiple ways:

Method 1: Client-side Encryption

In this option AWS has nothing to do with the encryption: before uploading data to an AWS storage service, the user encrypts the data and then uploads the already-encrypted data directly.

Method 2: Server-side Encryption

This is where AWS performs the encryption of your data for you to achieve encryption at rest.

KMS (Key Management Service) is the service used to manage the encryption keys that encrypt the data.

KMS keys can be managed in 2 ways:

Type 1: AWS Managed - AWS creates and manages the KMS key; the user has no rights to delete it.

Type 2: Customer Managed - the user creates the key, sets its key policy and has full rights to manage it. You can also enable automatic key rotation so that the encryption key is renewed automatically without any manual action and security is maintained.
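As an added example that is not part of this post, the following Python script (assuming boto3, AWS credentials, and placeholder BUCKET and KEY_ARN values) uploads an object with SSE-KMS under a customer-managed key, then checks what S3 actually recorded for the object and whether automatic rotation is enabled for that key; the classify and audit functions also work offline on captured API responses.

```python
# Added example (not from the original post): upload an object to S3 with
# server-side encryption under a customer-managed KMS key, then verify what
# S3 actually recorded and whether automatic rotation is enabled for the key.
# Assumes boto3 and AWS credentials; BUCKET and KEY_ARN are placeholders.
from typing import List, Optional

BUCKET = "example-bucket"  # placeholder
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"  # placeholder


def classify_sse(head: dict, expected_key_arn: Optional[str] = None) -> str:
    """Classify an S3 head_object response by its encryption-at-rest mode."""
    # S3 reports the mode in ServerSideEncryption ("AES256" = SSE-S3,
    # "aws:kms" = SSE-KMS) and the key used in SSEKMSKeyId (as a key ARN).
    sse = head.get("ServerSideEncryption")
    if sse is None:
        return "unencrypted"
    if sse == "AES256":
        return "sse-s3"  # S3-owned key, no KMS key involved
    if sse == "aws:kms":
        if expected_key_arn is None:
            return "sse-kms"
        if head.get("SSEKMSKeyId") == expected_key_arn:
            return "sse-kms-expected-key"
        return "sse-kms-other-key"  # e.g. the bucket default or AWS-managed key
    return "unknown:" + sse


def audit(head: dict, rotation_status: dict, expected_key_arn: str) -> List[str]:
    """Return the findings to flag for one object and its customer-managed key."""
    findings = []
    mode = classify_sse(head, expected_key_arn)
    if mode != "sse-kms-expected-key":
        findings.append("object not encrypted under expected key (mode=%s)" % mode)
    # kms.get_key_rotation_status returns {"KeyRotationEnabled": bool, ...}
    if not rotation_status.get("KeyRotationEnabled", False):
        findings.append("automatic key rotation is disabled")
    return findings


def upload_and_audit(bucket: str, key: str, body: bytes, key_arn: str) -> List[str]:
    """Live check; boto3 is imported here so the pure checks above run offline."""
    import boto3
    s3, kms = boto3.client("s3"), boto3.client("kms")
    # SSE-KMS is requested per object; without these two arguments S3 falls
    # back to the bucket's default encryption setting, whatever that is.
    s3.put_object(Bucket=bucket, Key=key, Body=body,
                  ServerSideEncryption="aws:kms", SSEKMSKeyId=key_arn)
    head = s3.head_object(Bucket=bucket, Key=key)
    rotation = kms.get_key_rotation_status(KeyId=key_arn)
    return audit(head, rotation, key_arn)
```

Call upload_and_audit(BUCKET, "report.txt", b"...", KEY_ARN) with real values; an empty list means the object landed under the expected key and rotation is on.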

Thanks for reading till the end. In our next post we will see how to enable encryption at rest in S3 and EBS.

