Configure with API operations or an AWS SDK

Set your key configuration in a SetTokenVaultCMK API request. The following partial example request body sets the token vault to use the provided customer managed key.


"KmsConfiguration": {
    "KeyType": "CUSTOMER_MANAGED_KEY",
    "KmsKeyArn": "arn:aws:kms:us-east-1:111122223333:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222"
}

The following partial example request body sets a token vault to use an AWS owned key.


"KmsConfiguration": {
    "KeyType": "AWS_OWNED_KEY"
}

If your GetTokenVault response doesn't include a KmsConfiguration parameter, your token vault is configured to encrypt data at rest with an AWS owned key.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Set customer managed key policy

Security