Posted On: Jun 5, 2023

You can now import asymmetric and HMAC keys into AWS Key Management Service (AWS KMS) and use them within supported KMS-integrated AWS services and your own applications. Importing your own key gives you direct control over the generation, lifecycle management, and durability of your keys. You can control the availability of your imported keys by setting an expiration period, or deleting and re-importing them at any time. You have greater control over the durability of your imported keys because you can maintain the original version of the keys elsewhere. These additional controls could help you meet your specific compliance requirements if you must generate and store copies of keys outside of AWS.

Importing your own keys also allows you to simplify your key management by enabling you to move your asymmetric and HMAC keys and make them available through AWS KMS. This can be useful in situations where keys need to exist in multiple environments, including hybrid (on-premises) and multi-cloud workflows. For example, you can import an existing RSA private key for application code or certificate signing into AWS KMS without affecting existing workloads. This lets you safely migrate workloads to AWS while expanding options on how you authorize, audit, and protect keys through AWS KMS.

This new capability is available in all AWS Regions, including the AWS GovCloud (US) Regions. To learn more about this new capability, see importing key materials in AWS KMS keys in the AWS KMS Developer Guide.