« Security, Identity & Compliance

AWS Key Management Service (AWS KMS)

Create and control keys used to encrypt or digitally sign your data

Start with 20,000 free requests

per month with the AWS Free Tier

Centrally manage keys and define policies across integrated services and applications from a single point.

Encrypt data within your applications with the integrated AWS Encryption SDK data encryption library.

Perform digital signing operations using asymmetric key pairs to ensure data integrity.

Securely generate Hash-based Message Authentication Codes (HMACs) that ensure message integrity and authenticity.

How it works

AWS Key Management Service (AWS KMS) lets you create, manage, and control cryptographic keys across your applications and more than 100 AWS services.
Diagram showing how AWS KMS integrates with other AWS services to encrypt your data and monitor use of your cryptographic keys.
Diagram showing how AWS KMS integrates with other AWS services to encrypt your data and monitor use of your cryptographic keys.
Close
 Click to enlarge
What is AWS KMS? (1:33)
What is AWS KMS?
Use AWS KMS to encrypt data across your AWS workloads, digitally sign data, encrypt within your applications using AWS Encryption SDK, and generate and verify message authentication codes (MACs).
What is AWS KMS?
Use AWS KMS to encrypt data across your AWS workloads, digitally sign data, encrypt within your applications using AWS Encryption SDK, and generate and verify message authentication codes (MACs).

Use cases

Protect your data at rest

Activate server-side encryption with AWS KMS using AWS KMS keys that you control and manage.

Learn more about AWS service integration »

Encrypt and decrypt data

Use AWS Encryption SDK to securely handle cryptographic operations in your applications.

Learn more about AWS Encryption SDK »

Sign and verify digital signatures

Protect signing operations with AWS KMS using asymmetric KMS keys.

Learn more about secure data signing »

Validate JSON web tokens using HMAC

Generate HMAC using AWS KMS to verify message integrity and authentication.

Learn more about protecting HMAC »

How to get started

Learn more about AWS KMS

Explore the AWS KMS developer guide.

Read the guide »

Contact an expert

Speak with an expert to learn more about AWS KMS.

Contact us »

Start using AWS KMS

Create, manage, and control cryptographic keys with AWS KMS.

Sign in »

Explore more of AWS