KMS Keys

Use KMS keys for resource encryption

DuploCloud allows you to configure Tenant-level and Plan-level KMS (Key Management Service) keys for AWS/Azure resources. These keys can be selected when creating supported resources to ensure consistent encryption and help meet compliance requirements.

Adding a KMS Key for a Plan

Plan-level KMS keys can be used for encrypting resources in any Tenant under the selected Plan.

  1. Navigate to Administrator -> Plans.

  2. Select the Plan from the NAME column.

  3. Select the KMS tab.

  4. Click Add. The Add a Kms Key pane displays.

    Add a Kms Key pane

  5. Complete the following fields:

     Key Name: Enter a friendly name for the key (e.g., test-key).

     Key Id: Enter the cloud provider–specific key ID (AWS KMS Key ID or Azure Key Vault Key ID).

     Key Arn: Enter the cloud provider–specific key ARN or resource ID. For AWS, this is the KMS Key ARN; for Azure, this is the Key Vault Key ID URI.

  6. Click Submit to add the key to the Plan. Once added, the key can be selected when creating supported resources in the Plan, such as databases, compute instances, storage resources, and other services.

Plan KMS tab in the DuploCloud Portal

Adding a KMS Key for a Tenant

Tenant-level KMS keys can be used for encrypting resources only within the selected tenant.

  1. Navigate to Administrator -> Tenants.

  2. Select the Tenant from the NAME column.

  3. Select the KMS tab.

  4. Click Add. The Add a Kms Key pane displays.

    Add a Kms Key pane

  5. Complete the following fields:

     Key Name: Enter a friendly name for the key (e.g., test-key).

     Key Id: Enter the cloud provider–specific key ID (AWS KMS Key ID or Azure Key Vault Key ID).

     Key Arn: Enter the cloud provider–specific key ARN or resource ID. For AWS, this is the KMS Key ARN; for Azure, this is the Key Vault Key ID URI.

  6. Click Submit to add the key to the Tenant. Once added, the key can be selected when creating supported resources in the Tenant.

Tenant KMS tab in the DuploCloud Portal
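
A mistyped Key Id or a Key Arn that points at a different key (or at an alias) is easy to enter in the Plan and Tenant forms above, so it helps to check the pair before clicking Submit. The following Python is an added example, not DuploCloud code; the function names, the constructed sample values, and the restriction to the Azure public-cloud suffix vault.azure.net are assumptions.

```python
import re
from urllib.parse import urlparse

# AWS key IDs: lowercase UUID, or "mrk-" + 32 hex digits for multi-Region keys.
AWS_KEY_ID = re.compile(
    r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}|mrk-[0-9a-f]{32}")
AWS_PARTITIONS = {"aws", "aws-cn", "aws-us-gov"}

def check_aws_key(key_id, key_arn):
    """Return problems with an AWS Key Id / Key Arn pair; empty list means OK."""
    problems = []
    key_id, parts = key_id.strip(), key_arn.strip().split(":", 5)
    if not AWS_KEY_ID.fullmatch(key_id):
        problems.append("Key Id is not a KMS key ID (alias or ARN pasted?)")
    # Expected shape: arn:<partition>:kms:<region>:<account>:key/<key-id>
    if (len(parts) != 6 or parts[0] != "arn"
            or parts[1] not in AWS_PARTITIONS or parts[2] != "kms"):
        return problems + ["Key Arn is not a KMS ARN"]
    if not re.fullmatch(r"\d{12}", parts[4]):
        problems.append("Key Arn account is not a 12-digit account ID")
    if not parts[5].startswith("key/"):
        problems.append("Key Arn names an alias or other resource, not a key")
    elif parts[5][4:] != key_id:
        problems.append("Key Arn refers to a different key than Key Id")
    return problems

def check_azure_key_uri(uri):
    """Return problems with an Azure Key Vault key identifier URI."""
    problems = []
    u = urlparse(uri.strip())
    if u.scheme != "https":
        problems.append("URI must use https")
    # Assumption: Azure public cloud only; sovereign clouds use other suffixes.
    if not (u.hostname or "").endswith(".vault.azure.net"):
        problems.append("host is not <vault>.vault.azure.net")
    segs = [s for s in u.path.split("/") if s]
    if len(segs) not in (2, 3) or segs[0] != "keys":
        problems.append("path is not /keys/<name>[/<version>]")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real keys or vaults.
    kid = "1234abcd-12ab-34cd-56ef-1234567890ab"
    arn = "arn:aws:kms:us-west-2:111122223333:key/" + kid
    print(check_aws_key(kid, arn))
    print(check_aws_key("alias/test-key", arn))
    print(check_azure_key_uri("https://example-vault.vault.azure.net/secrets/test-key"))
```
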

Selecting a KMS Key When Creating Resources

When creating a Host, RDS database, or other supported resource, select a KMS key to use for encrypting data at rest.

  1. Navigate to the resource creation page (e.g., Hosts, RDS, or other supported resources).

  2. Locate the Encryption Key or KMS Key field.

  3. Choose a key from the options listed under Default Tenant Key, Plan-level Keys, or Tenant-level Keys.

    Encryption Key selection options

  4. Complete the rest of the resource creation steps as usual.

Note: Only applicable resources will display these key options. Unsupported resources will continue to use the default tenant key.
