Key Management Service update: key rotation and import
Key Management Service
Flexible Engine / Fonctionnalités / Update
Flexible Engine’s Key management service has been updated and now supports security key rotation and the ability for the user to import self-generated keys to the service.
Log into Key Management Service through the Flexible Engine Console to make use of these new features.
More information on Key Management Service here.
Elastic Cloud Server
Security risks exist when a DEK (Data Encryption Key) is extensively and repeatedly used. For security purposes, you can configure Key Management Service to create new key materials for the CMK (Complete Match Key) though key rotation.
Rotation interval: The value is an integer ranging from 30 to 365 (default value).
Set the interval based on how often a CMK is used. If it is frequently used, set a short interval; otherwise, set a long one.
If you want to use your own key materials instead of the KMS generated materials, you can use the console to import your key materials to KMS.
CMKs created using imported materials and KMS generated materials are then managed together through KMS.