A classic key is an encryption key managed in the Akeyless KMS that can be shared with a cloud KMS. Once a classic key is shared with a cloud KMS, you can use it as you would any key generated by the cloud provider itself. Akeyless remains responsible for managing the key lifecycle by providing secure storage, as well as full role-based access control, recording of key activities, and logging.
Classic keys are protected by an Akeyless DFC™ key.
Classic keys can either be generated by Akeyless, or imported into the Akeyless KMS from another source. Akeyless supports both AES-256-GCM and RSA 2048 keys.
Before you create a classic key, ensure that the key type is supported by the cloud KMS with which you want to share the key.
The typical flow for working with classic keys is:
Create a target for the classic key: Get started by setting up a target for the cloud KMS with which you want to share the key.
Create a classic key: Create the classic key in Akeyless, or import it into the Akeyless KMS from another source. Share the key with a cloud KMS when you create the key, or do this at a later date.
Share a classic key with a cloud KMS: If you did not share a classic key with a cloud KMS when you created it, share it at any time.
Update a classic key: Update a classic key to change its name, metadata, or tags.
Delete a classic key from a cloud KMS: Delete a classic key from a cloud KMS while leaving it in the Akeyless KMS.
Delete a classic key: Delete a classic key from both the Akeyless KMS and the cloud KMS with which you have shared it.
Updated about 1 year ago