Customer-managed keys with KMS

Metorial supports secret encryption backed by AWS KMS, including your own KMS keys. You control the encryption of secrets stored in Metorial, with full audit logs.

KMS

Encrypt secrets with keys you control

Some organizations need to own the encryption, not just trust that it happens. Metorial backs secret storage with AWS KMS and lets you use your own KMS keys. The credentials stored in Metorial are encrypted with keys you control, adding a layer of security on top of secure storage, without you having to run the storage yourself.

  1. Use your own keys.
    Bring your own AWS KMS keys to encrypt the secrets stored in Metorial. Encryption is under your control.
  2. Add a layer of security.
    Customer-managed encryption provides an additional layer of protection for sensitive data on top of secure storage.
  3. Keep it auditable.
    There's full observability and audit logging for all operations involving secrets protected by KMS.

What KMS gives you

Encryption under your control

  1. Backed by: AWS KMS
  2. Customer-managed keys: Supported
  3. Key operations audited: Every
  4. Added security layer: Yes

Bring your own keys. Keep control of encryption. Audit every operation.

FAQ

Answers to common questions about KMS and how it fits into governed AI agent infrastructure.

  1. What does KMS provide in Metorial?
    KMS-backed secret storage means the credentials stored in Metorial are encrypted using AWS KMS. You can use your own keys to control the encryption.
  2. Yes. You can use your own AWS KMS keys to encrypt secrets stored in Metorial, which gives you control over encryption and an additional layer of security.
  3. No. Metorial stores and uses the secrets. KMS is about who controls the encryption keys. You get the control without running the storage.
  4. Yes. There's full observability and audit logging for all operations involving secrets protected by KMS.
  5. Metorial Vault is the secure storage for secrets. KMS is the encryption layer beneath it, including the option to bring your own keys.
  6. Organizations with compliance or security requirements that call for controlling their own encryption keys rather than relying entirely on the provider's.

Control the encryption behind your secrets

See how Metorial supports customer-managed KMS keys for an added layer of security, with full audit logs. Book a demo, or talk to sales.