Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Bookmarking this. Additionally I assume you could also limit access to KMS so that only your servers can issue requests.


Yep. Not sure the details of AWS, but in GCP access to KMS APIs and specific keys is controlled by IAM, and you can set "conditions" on IAM policies to restrict access by things like IP of the request: https://cloud.google.com/iam/docs/conditions-overview


KMS is managed by IAM so you can attach roles or use STS (create an access key / password) that can assume a role that can encrypt.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: