Key Management Service (KMS) adoption guide

The KMS in IBM Cloud Private helps keep data secure. It integrates with user-owned hardware security modules (HSM). A root key is used for envelope encryption to secure the data encryption keys used inside of your applications.

Incorporating KMS into your applications, includes the following tasks:

• Provisioning an instance of the KMS
• Configuring a service ID with Administrator privileges for the instance
• Configuring a service ID with Viewer privileges for your application
• Generating or importing a root key into the KMS
• Using a root key to encrypt and decrypt the data encryption keys that are used in your application.

See the following configurations:

• Configuring Key Management Service
  
• Encrypting Kubernetes secrets with Key Management Service plug-in
  
• Upgrading Key Management Service Helm charts