Integrate BYOK for AWS Key Management Service and Entrust KeyControl
Create an AWS CSP account
-
Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.
-
Select the CSP Accounts tab.
-
In the Actions pull down menu, select Add CSP Account.
-
In the Add CSP Account window, enter the Name and Description.
-
In the Admin Group pull-down menu, select Cloud Admin Group.
-
In the Type pull-down menu, select AWS.
-
In the AWS Access Key ID text box, enter the Access key created in Create AWS AIM user.
-
In the AWS Secret Access Key text box, enter the Secret access key created in Create AWS AIM user.
-
In the Default region, choose your AWS region. Then select Continue.
For example:
-
In the Schedule tab, enter your organization’s standard rotation schedule for the access keys. Then select Apply.
-
Notice the newly created CSP account.
Create a key set in KeyControl
-
sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.
-
Select the Key Sets tab.
-
In the Actions pull down menu, select Create Key Set.
-
In the Choose the type of keys in this key set: window, select AWS Key.
-
In the Create Key Set window, enter a Name and Description. In the Admin Group pull-down menu, select Cloud Admin Group. Then select Continue.
For example:
-
In the CSP Account tab, select the CSP account created in Create an AWS CSP account. Check Use as External Key Store to allow Entrust KeyControl to encrypt and decrypt the KMS keys. Then select Continue.
For example:
-
In the HSM tab, check Enable HMS if an HSM is configured. Then select Continue.
-
In the Schedule tab, select a Rotation Schedule matching the selection made during Create an AWS CSP account. Then select Apply.
For example:
-
Notice the newly created key set.
For example:
For further information, refer to Creating a Key Set in the KeyControl online documentation.