What is the process to rotate the key?

A company is using an AWS KMS customer master key (CMK) with imported key material.The company references the CMK by its alias in the Java application to encrypt data.The CMK must be rotated every 6 months.

What is the process to rotate the key?

Enable automatic key rotation for the CMK, and specify a period of 6 months.

Create a new CMK with new imported material, and update the key alias to point to the new CMK.

Delete the current key material, and import new material into the existing CMK.

Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.

Explanations:

AWS KMS does not support automatic key rotation for CMKs with imported key material. Key rotation for imported key material must be done manually by importing new key material.

To rotate the key, a new CMK must be created with new imported key material, and the alias should be updated to point to the new CMK. This ensures proper rotation of the encryption key.

Deleting the current key material is not required for rotating the key. Instead, new key material should be imported into a new CMK to achieve rotation.

AWS KMS does not support importing a copy of key material into a new CMK as a backup. Rotation requires creating a new CMK with new imported material.

Learn & move to cloud

What is the process to rotate the key?

Explanations:

Leave a Reply Cancel reply