Great job explaining KMS using both the videos
Thanks, please do share with your friends
Thanks for the video; as a newbie to the AWS world, your videos helped me a lot to understand the topics clearly and obtain my first certification. Looking forward to similar content on Developer and Big Data services.
Thanks a lot. Please support us by sharing the video with your friends on FB / Twitter / LinkedIn, so that we can continue to bring more useful videos for you and answer your queries...
super set of tutorials...superb...
excellent explanation
This is really amazing content. Thanks for these videos.
Thanks for your appreciation. You can support our initiative of Free Practical Cloud Tutorials by sharing this video with your friends on social channels, WhatsApp etc.
If it helped you solve a problem and you would like to applaud us, click the Applaud button :)
For regular 1-1 interaction with me, check our Membership - ruclips.net/channel/UCzpHRBVnkzBfSsXostYuW1gjoin
Thanks KI, great stuff
Great content. Please add a few more videos on this topic showing data keys in action with EBS, RDS etc. Keep up the great work. :-)
Thanks a lot. Please support us by sharing the video with your friends on FB / Twitter / LinkedIn..
Great stuff..thanks for your videos
Thanks. Please do share with your friends. Look at other easy AWS videos on our channel.
Well explained. Thank you !!
Thanks a lot. Please support us by sharing the video with your friends on FB / Twitter / LinkedIn, so that we can continue to bring more useful videos for you and answer your queries...
Thank you for the video. I have one doubt: in the part 1 video you said that the data key will be used to encrypt the file, but in this video the CMK is used to encrypt the data. Then where do we use the data key?
Great video ... Can you make videos on API gateways ( esp the security aspects ) please ?
will try.. show your support by joining our membership :) ..
@Knowledge India Sir, I have a doubt. In the first video part, you said that the data key will be used for encrypting any text, and that the data key also gets encrypted and stored. But in this second part, you have encrypted the text directly with the master key (custom)? In this case, where is the data key used?
:) Vinoth, in this example I wanted to show how a CMK could be used to encrypt and decrypt. The data key is not used in this example.
In the case of EBS, RDS etc., a data key is generated from the CMK and then this data key is used for encrypting the data.
Dear @knowledgeindia, thanks for the response. Could you please clarify: the AWS managed customer master key will generate the data key automatically for a few AWS services like EBS, RDS, S3 ... Shall I use the customer managed customer master key for the services which the AWS managed customer master key supports? If yes, how can we specify the data key in that case? Does the customer managed customer master key support all other services? Could you please give some use cases related to the customer managed customer master key? Thank you.
Good videos, really appreciate the effort. One quick question: while decrypting and decoding, new lines are not getting identified and the decrypted data comes out in a single line. Any idea?
For key-id you are using the Customer Master key? How do you do it with data key?
How can I decrypt the private key with the customer master key?
How can I enable an existing CMK in Terraform?
Will this be charged in the free tier?
How do I identify that it is encoded in base64 format? Or can it be encoded in any other format?
Dear Knowledge India, could you please help to show how to decrypt a tape encrypted with a KMS key on AWS Storage Gateway? Thank you so much.
I will try, but doing Storage Gateway is going to be difficult, mate.
Hello, I have a question about how keys are region specific. In a scenario where I have used a key to encrypt, say, a file and uploaded it to S3 in region A, and my application is trying to consume this same file in region B, would it be able to decrypt this data successfully?
In this case the key and the encrypted object are in the same region, so decryption will happen. Where it gets consumed from doesn't matter.
Everything was encrypted with the master key. Where is the data key getting used?
How come the decrypt function does not take the key ID for the master key? Where is the key ID stored? If it is stored with the data then it defeats the whole purpose, right? Anyone can just call decrypt and they will get the data.
Well, anyone cannot call the decrypt function. It is controlled by the IAM permissions.
Hi Nitin, AWS KMS stores metadata in the ciphertext, which is used by the service to find out the CMK used for encryption. Who can call the decrypt function is controlled by IAM permissions, as stated by @KnowledgeIndia AWS Azure Tutorials.
Hi sir, I have a doubt: if we can still decrypt the file using the old key, then what is the use of rotation? Why should we rotate the master key?
Something which was encrypted using key1 needs to be decrypted using that only. But that doesn't mean you should not follow the best practice of key rotation. Once the key is rotated, all the new content from that point is encrypted using the new key.
@knowledgeindia This is something wrong. If you are not using the new key for the old data, then it's a security breach. For example, if somebody hacks the old key (that's why rotation is there), he can view the old data easily. In my perspective, if key rotation is there, old data should also be encrypted using the new key.
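The data-key, key-ID-in-ciphertext and rotation threads above can be seen together in a small local model. This is an added example, not code from the video or from AWS: `ToyKMS`, its methods and the `envelope_*` helpers are hypothetical names, and the HMAC-SHA256 keystream is a stand-in for real AES-GCM (it gives no integrity protection) so the script runs with the standard library only.

```python
import hashlib, hmac, json, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stand-in for AES-GCM: HMAC-SHA256 counter keystream, no integrity check.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class ToyKMS:
    """Local model of a key service; hypothetical names, not the AWS API."""
    def __init__(self):
        self.keys = {}        # key_id -> list of backing keys, one per rotation
        self.allowed = set()  # (principal, key_id) pairs permitted to decrypt

    def create_key(self, key_id):
        self.keys[key_id] = [os.urandom(32)]
    def rotate(self, key_id):
        # Older backing keys are retained so existing ciphertext stays readable.
        self.keys[key_id].append(os.urandom(32))

    def _wrap(self, key_id, plaintext):
        version = len(self.keys[key_id]) - 1      # newest backing key
        nonce = os.urandom(12)
        body = _xor_stream(self.keys[key_id][version], nonce, plaintext)
        header = json.dumps({"key_id": key_id, "v": version}).encode()
        return len(header).to_bytes(2, "big") + header + nonce + body

    def generate_data_key(self, key_id):
        data_key = os.urandom(32)
        return data_key, self._wrap(key_id, data_key)  # plaintext + wrapped copy
    def decrypt(self, principal, blob):
        # No key ID argument: the blob's own header says which key wrapped it.
        n = int.from_bytes(blob[:2], "big")
        meta = json.loads(blob[2:2 + n])
        if (principal, meta["key_id"]) not in self.allowed:
            raise PermissionError(f"{principal} may not use {meta['key_id']}")
        nonce, body = blob[2 + n:2 + n + 12], blob[2 + n + 12:]
        return _xor_stream(self.keys[meta["key_id"]][meta["v"]], nonce, body)

def envelope_encrypt(kms, key_id, message: bytes):
    data_key, wrapped_key = kms.generate_data_key(key_id)
    nonce = os.urandom(12)   # the data key encrypts the message locally
    return {"wrapped_key": wrapped_key, "nonce": nonce,
            "ct": _xor_stream(data_key, nonce, message)}

def envelope_decrypt(kms, principal, record):
    data_key = kms.decrypt(principal, record["wrapped_key"])
    return _xor_stream(data_key, record["nonce"], record["ct"])
```

Encrypt one record, call `rotate()`, then encrypt another: both decrypt under the same key ID for an allowed principal, while a principal without permission gets `PermissionError`.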