KMS (Key Management Service)

KMS manages encryption keys for encrypting data at rest and controlling key usage.

Updated: 2026-03-05

Definition

A Key Management Service (KMS) creates, stores, and controls access to encryption keys.

It supports key policies/permissions, auditing, rotation, and integration with storage and database services.

Key points

Central key management
Access control and auditing for key usage
Rotation policies improve security

Common mistakes

Giving broad key permissions (keys become a high-value target).
Not enabling audit logs for key usage.

Related exams

AWS Certified Solutions Architect – Associate (SAA-C03)

Free SAA-C03 mini test. Continue in the app for offline packs and detailed explanations.

Microsoft Azure Fundamentals (AZ-900)

Free AZ-900 mini test. Continue in the app for offline packs and detailed explanations.

Related terms

Want to practice this in exam-style questions?

Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.