Integrate BYOK for AWS Key Management Service and KeyControl

Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.

Select the CSP Accounts tab.

In the Actions pull-down menu, select Add CSP Account.

In the Add CSP Account window, enter the Name and Description.

In the Admin Group pull-down menu, select Cloud Admin Group.

In the Type pull-down menu, select AWS.

In the AWS Access Key ID text box, enter the Access key created in create-aws-iam-user.adoc#create-aws-iam-user.

In the AWS Secret Access Key text box, enter the Secret access key created in create-aws-iam-user.adoc#create-aws-iam-user.

In the Default region, choose your AWS region. Then select Continue.

For example:

In the Schedule tab, enter your organization’s standard rotation schedule for the access keys. Then select Apply.

Notice the newly created CSP account.

Select the newly created CSP account.

In the Actions pull-down menu, select Test Connection. The connection tested successfully pop-up windows appears.

Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.

Select the Key Sets tab.

In the Actions pull down menu, select Create Key Set.

In the Choose the type of keys in this key set: window, select AWS Key.

In the Create Key Set window, enter a Name and Description. In the Admin Group pull-down menu, select Cloud Admin Group. Then select Continue.

For example:

In the CSP Account tab, select the CSP account created in Create a CSP account in KeyControl for AWS. Uncheck Use as External Key Store. Then select Continue.

For example:

In the HSM tab, check Enable HMS if an HSM is configured. Then select Continue.

For example:

See Integrating with an HSM for additional information.

In the Schedule tab, select a Rotation Schedule. Then select Apply.

For example:

Notice the newly created key set.

For example: