AWS Encryption SDK
mickeypash opened this issue · comments
Mickey Pashov commented
Hello!
I'm a newbie when it comes to cryptography but was wondering if aws-encryption-sdk has been considered as a backend? Not the default but rather one of potentially many cloud backends 🤷
At a glance I think for me it solves these questions:
- Where do I store the key securely? It seems to be passed as an envvar?
- How do I rotate the keys effectively (#75)
Here's some of the questions it tries to answer according to the docs:
- Which encryption algorithm should I use?
- How, or in which mode, should I use that algorithm?
- How do I generate the encryption key?
- How do I protect the encryption key, and where should I store it?
- How can I make my encrypted data portable?
- How do I ensure that the intended recipient can read my encrypted data?
- How can I ensure my encrypted data is not modified between the time it is written and when it is read?
- How do I use the data keys that AWS KMS returns?