
Encryption Keys In The Cloud

Using Golang and CLI


As we increasingly move to the public cloud, the use of encryption keys becomes ever more important, both for encrypting data and for digital signing. Some advantages include:

  • Encryption in the cloud. Data can be encrypted within the cloud service itself, rather than being processed on a client machine.
  • Access policies. A cloud-based system makes it possible to define a strict access policy for the use of encryption keys, tied to cloud-based roles.
  • Auditing. Through AWS CloudTrail, access to encryption keys can be logged, which supports regulatory and compliance needs.
  • BYOK (Bring Your Own Keys). Users can create their own keys and then upload them to the cloud.

In AWS, we have KMS (Key Management Service), which generates and stores encryption keys. These keys never leave Amazon’s Hardware Security Modules (HSMs), which have been validated under FIPS 140-2. When exported, they are only available in encrypted form. Overall, it costs $1 per month to store a key (but keys generated for AWS services are stored for free). Use of a key is free up to certain access thresholds. Also, keys can only be used in the geographical region they are set up for (such as…
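The two points above, that data is encrypted in the cloud and that the master key never leaves the HSM, come together in the pattern KMS uses for bulk data: the application asks KMS for a data key (the GenerateDataKey operation returns it both in plaintext and wrapped under the master key), encrypts locally with the plaintext copy, stores only the wrapped copy next to the ciphertext, and later sends the wrapped copy back to KMS Decrypt to recover it. The following Go program is an added example written for this page, not code from the article or from AWS. It uses only the standard library, and the KMS side is a constructed in-memory stand-in (`localKMS`) so the program runs offline; in a real deployment the AWS SDK's KMS client would sit behind the same `KeyService` interface. `KeyService`, `Envelope`, `EnvelopeEncrypt`, `EnvelopeDecrypt` and the key id `alias/demo` are names chosen here, not AWS identifiers.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyService is the slice of the KMS API envelope encryption needs (AWS KMS calls
// these GenerateDataKey and Decrypt); the master key itself never leaves the service.
type KeyService interface {
	GenerateDataKey(keyID string) (plain, wrapped []byte, err error)
	Decrypt(keyID string, wrapped []byte) ([]byte, error)
}

// localKMS is a constructed in-memory stand-in so the example runs offline; in
// production the AWS SDK's KMS client would satisfy KeyService instead.
type localKMS struct{ masters map[string][]byte } // key id -> 256-bit master key

func (k *localKMS) GenerateDataKey(keyID string) ([]byte, []byte, error) {
	master, ok := k.masters[keyID]
	if !ok {
		return nil, nil, errors.New("kms: unknown key id " + keyID)
	}
	plain := randBytes(32)                 // fresh data key for this one object
	wrapped, err := gcmSeal(master, plain) // leaves the service only in wrapped form
	return plain, wrapped, err
}

func (k *localKMS) Decrypt(keyID string, wrapped []byte) ([]byte, error) {
	if master, ok := k.masters[keyID]; ok {
		return gcmOpen(master, wrapped)
	}
	return nil, errors.New("kms: unknown key id " + keyID)
}

// Helpers: CSPRNG bytes and AES-256-GCM laid out as nonce || ciphertext || tag.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG is not something to continue past
	}
	return b
}
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
func gcmSeal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}
func gcmOpen(key, blob []byte) ([]byte, error) { // fails on any tampering
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := aead.NonceSize(); len(blob) >= n {
		return aead.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// Envelope is what gets persisted: the data key is stored only in wrapped form.
type Envelope struct{ KeyID string; WrappedKey, Ciphertext []byte }

// EnvelopeEncrypt fetches a fresh data key and encrypts locally; the plaintext
// data key is dropped as soon as the object is sealed.
func EnvelopeEncrypt(kms KeyService, keyID string, plaintext []byte) (*Envelope, error) {
	plain, wrapped, err := kms.GenerateDataKey(keyID)
	if err != nil {
		return nil, err
	}
	ct, err := gcmSeal(plain, plaintext)
	if err != nil {
		return nil, err
	}
	return &Envelope{KeyID: keyID, WrappedKey: wrapped, Ciphertext: ct}, nil
}

// EnvelopeDecrypt: unwrapping the data key is the only step that touches the master key.
func EnvelopeDecrypt(kms KeyService, env *Envelope) ([]byte, error) {
	plain, err := kms.Decrypt(env.KeyID, env.WrappedKey)
	if err != nil {
		return nil, err
	}
	return gcmOpen(plain, env.Ciphertext)
}

func main() {
	kms := &localKMS{masters: map[string][]byte{"alias/demo": randBytes(32)}}
	env, err := EnvelopeEncrypt(kms, "alias/demo", []byte("constructed sample record"))
	if err != nil {
		panic(err)
	}
	pt, err := EnvelopeDecrypt(kms, env)
	fmt.Printf("wrapped key %d bytes, ciphertext %d bytes, recovered %q, err=%v\n", len(env.WrappedKey), len(env.Ciphertext), pt, err)
}
```

The access-policy and auditing points map onto this split: the bulk encryption needs no KMS permission at all, while every `EnvelopeDecrypt` call must be allowed to use the master key and is therefore one Decrypt call in the audit trail per object opened. Because the wrapped data key carries a GCM tag, a different master key, or any change to the stored bytes, fails to unwrap rather than producing garbage.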


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
