Posted On: Nov 29, 2022

Today, AWS Key Management Service (AWS KMS) introduces the External Key Store (XKS), a new feature for customers who want to protect their data with encryption keys stored in an external key management system under their control. This capability brings new flexibility for customers to encrypt or decrypt data with cryptographic keys, independent authorization, and audit in an external key management system outside of AWS.

XKS may help you address your compliance needs where encryption keys for regulated workloads must be outside AWS and solely under your control. 

To provide customers with a broad range of external key manager options, AWS KMS developed the XKS specification with feedback from several HSM, key management and integration service providers, including Thales, Entrust, Salesforce, T-Systems, Atos, Fortanix, and HashiCorp. For information about availability, pricing, and how to use XKS with solutions from these vendors, consult the vendor’s documentation.

For detailed information about choosing, configuring, and using XKS, see External Key Stores in the AWS KMS Developer Guide and read the External Key Store (XKS) announcement on the AWS News Blog. To see the Regions where XKS is currently available, visit our technical documentation.