How to migrate asymmetric keys from CloudHSM to AWS KMS

Security Blog

This article provides a step-by-step guide on how to migrate asymmetric keys from AWS CloudHSM to AWS Key Management Service (AWS KMS).

Specifically, the article covers:

Benefits of importing key materials into AWS KMS
Solution overview for migrating asymmetric keys from CloudHSM to KMS
Prerequisites for following the walkthrough
Step 1: Creating a KMS key without key material
Step 2: Downloading the wrapping public key and import token from AWS KMS
Step 3: Importing the wrapping key into CloudHSM
Step 4: Wrapping the private key in CloudHSM using the imported wrapping key
Step 5: Importing the wrapped private key to AWS KMS
Testing that the private key was successfully imported
Conclusion

Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Apr 12
2024

The curious case of faster AWS KMS symmetric key rotation

Sep 26
2024

How to migrate 3DES keys from a FIPS to a non-FIPS AWS CloudHSM cluster

Jun 6
2025

AWS KMS launches on-demand key rotation for imported keys

Jun 17
2024

AWS KMS now supports Elliptic Curve Diffie-Hellman (ECDH) key agreement

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

How to migrate asymmetric keys from CloudHSM to AWS KMS

Related articles