SYSTEM Cited by 1 source
AWS KMS¶
AWS Key Management Service (KMS) is AWS's managed key-management service. It hosts customer keys (HSM-backed), exposes Wrap/Unwrap / Encrypt/Decrypt / Sign APIs under IAM, logs every operation to CloudTrail, and is the AWS endpoint of the Customer-Managed Key pattern for most AWS-hosted services.
Seen in¶
- sources/2026-04-20-databricks-take-control-customer-managed-keys-for-lakebase-postgres — one of the three KMSes Databricks' Lakebase CMK feature integrates with; keys identified by ARN; Databricks assumes a customer- granted IAM role to Wrap/Unwrap KEKs under an concepts/envelope-encryption hierarchy; every operation lands in the customer's CloudTrail.
Related¶
- concepts/envelope-encryption
- concepts/cmk-customer-managed-keys
- concepts/cryptographic-shredding
- systems/azure-key-vault, systems/google-cloud-kms — the other two cloud-native KMSes Lakebase CMK supports.