Hello!

I'm a newbie when it comes to cryptography but was wondering if aws-encryption-sdk has been considered as a backend? Not the default but rather one of potentially many cloud backends 🤷

At a glance I think for me it solves these questions:

• Where do I store the key securely? It seems to be passed as an envvar?
• How do I rotate the keys effectively (#75)

Here's some of the questions it tries to answer according to the docs:

• Which encryption algorithm should I use?
• How, or in which mode, should I use that algorithm?
• How do I generate the encryption key?
• How do I protect the encryption key, and where should I store it?
• How can I make my encrypted data portable?
• How do I ensure that the intended recipient can read my encrypted data?
• How can I ensure my encrypted data is not modified between the time it is written and when it is read?
• How do I use the data keys that AWS KMS returns?