---
title: AWS KMS
date: 2019-11-14 15:19:05
tags:
  - aws
---

We used to keep private credentials on production servers without any protection or encryption. Well, luckily we don't have any leak but this practice is not recommended for both security and easy of use reasons.

Since AWS finally provides [KMS(Key Management Service)][1] in our local region, we try to encrypt every private credentials by KMS and store them on S3.

*TBD*


[1]: https://www.amazonaws.cn/kms/