Key Management Service (KMS) adoption guide
The KMS in IBM Cloud Private helps keep data secure. It integrates with user-owned hardware security modules (HSMs). A root key is used for envelope encryption: it secures the data encryption keys that are used in your applications.
Incorporating KMS into your applications includes the following tasks:
- Provisioning an instance of the KMS
- Configuring a service ID with Administrator privileges for the instance
- Configuring a service ID with Viewer privileges for your application
- Generating or importing a root key into the KMS
- Using a root key to encrypt and decrypt the data encryption keys that are used in your application
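The envelope pattern from the last task, as an added Go example that is not part of the IBM documentation. A local AES-GCM `seal`/`open` pair stands in for the KMS wrap and unwrap calls (an assumption, since the page shows no API), and `NewDEK`, the all-zero root key and the sample secret are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// seal/open: AES-GCM with the random nonce prepended; open rejects a wrong key or altered blob.
func seal(key, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, _ := cipher.NewGCM(blk) // cannot fail for AES's 16-byte block
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, nil), nil
}

func open(key, blob []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(blob) < 12 {
		return nil, fmt.Errorf("bad key size or short blob")
	}
	g, _ := cipher.NewGCM(blk)
	return g.Open(nil, blob[:12], blob[12:], nil)
}

// NewDEK makes a fresh 256-bit DEK; seal(rootKey, dek) stands in for the KMS wrap call.
func NewDEK(rootKey []byte) (dek, wrapped []byte, err error) {
	dek = make([]byte, 32)
	if _, err = rand.Read(dek); err != nil {
		return nil, nil, err
	}
	wrapped, err = seal(rootKey, dek)
	return dek, wrapped, err
}

func main() {
	root := make([]byte, 32) // constructed all-zero demo root key
	dek, wrapped, _ := NewDEK(root)
	ct, _ := seal(dek, []byte("constructed secret")) // persist ct and wrapped, not dek
	dek, _ = open(root, wrapped)                     // later: stand-in for the KMS unwrap call
	pt, err := open(dek, ct)
	fmt.Printf("%s %v\n", pt, err)
}
```

The application stores only the ciphertext and the wrapped DEK, so reading the data back requires an unwrap under the root key.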
See the following configurations: