I was wondering if I can use AWS KMS with such a use case. I want KMS to decrypt data sent over by an on-prem system (so no KMS). I was hoping that KMS can store the secret key. The on-prem system will use the public key to encrypt the data. Is this a feasible way?
From what I read so far, KMS uses symmetric encryption? I can do what I want by using KMS to encrypt/decrypt my secret key, but the downside there is my app will have the secret key in plain text when using it.
Update:
AWS KMS now supports asymmetric keys.
Original answer:
AWS KMS is for symmetric encryption only. There is no way to use KMS with asymmetric cryptography.
If you need this kind of functionality, you can use CloudHSM instead of KMS.
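The flow asked about in the question, with an asymmetric KMS key, as an added example that is not part of the original question or answer: the on-prem side encrypts with the exported public key and the AWS side asks KMS to decrypt. It assumes an RSA_2048 key with ENCRYPT_DECRYPT usage and the Python `cryptography` package; `alias/example-key` is a placeholder, and `LocalKmsStandIn` is a constructed offline substitute that mimics the `get_public_key` and `decrypt` calls of `boto3.client("kms")`.

```python
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

ALGORITHM = "RSAES_OAEP_SHA_256"  # KMS EncryptionAlgorithm value for RSA keys
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def encrypt_on_prem(public_key_der: bytes, plaintext: bytes) -> bytes:
    """On-prem side: needs only the public key, no AWS credentials."""
    public_key = serialization.load_der_public_key(public_key_der)
    # OAEP with SHA-256 leaves key_bytes - 2*32 - 2 bytes (190 for RSA-2048).
    limit = public_key.key_size // 8 - 2 * 32 - 2
    if len(plaintext) > limit:
        raise ValueError(f"plaintext exceeds {limit} bytes; encrypt a data key instead")
    return public_key.encrypt(plaintext, OAEP)


def decrypt_in_aws(kms, key_id: str, ciphertext: bytes) -> bytes:
    """AWS side: the private key stays in KMS; only the plaintext comes back."""
    response = kms.decrypt(KeyId=key_id, CiphertextBlob=ciphertext, EncryptionAlgorithm=ALGORITHM)
    return response["Plaintext"]


class LocalKmsStandIn:
    """Constructed offline substitute for boto3.client("kms"), for this demo only."""

    def __init__(self):
        self._private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

    def get_public_key(self, KeyId):
        der = self._private_key.public_key().public_bytes(
            serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
        return {"KeyId": KeyId, "PublicKey": der}

    def decrypt(self, KeyId, CiphertextBlob, EncryptionAlgorithm):
        if EncryptionAlgorithm != ALGORITHM:
            raise ValueError("unsupported algorithm in stand-in")
        return {"KeyId": KeyId, "Plaintext": self._private_key.decrypt(CiphertextBlob, OAEP)}


def round_trip(kms, key_id: str, message: bytes) -> bytes:
    # Export the public key once and ship it to the on-prem system.
    public_key_der = kms.get_public_key(KeyId=key_id)["PublicKey"]
    ciphertext = encrypt_on_prem(public_key_der, message)
    return decrypt_in_aws(kms, key_id, ciphertext)


if __name__ == "__main__":
    print(round_trip(LocalKmsStandIn(), "alias/example-key", b"record from on-prem"))
```

Against real KMS, pass `boto3.client("kms")` in place of the stand-in; payloads above the OAEP limit need envelope encryption, where the RSA key wraps a symmetric data key.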