
AWS KMS and Other Cloud Services Interoperability


First, apologies if this is a very naive question.

My question: assuming I choose AWS CloudHSM + KMS as my main key management solution, can I still keep using it (as a single source of trust in a fashion) if later I develop apps on Azure or Google Cloud?

Thanks.


Solution

  • Yes, you can definitely keep on using AWS CloudHSM + KMS even if you switch to Azure or Google Cloud. IMHO, it would be highly advisable to choose other cloud-native KMS services if you are going with a specific cloud provider.

    For example, if you are moving to Google Cloud Platform, it would be highly advisable to switch to Cloud Key Management instead of making API calls to the KMS of other cloud providers.

    The best way moving forward would be to move to a cloud-agnostic solution such as HashiCorp Vault, which allows us to create consistent patterns for storing secrets as well as for authenticating identities. These patterns stay roughly the same regardless of the ecosystem our services are being deployed into.