Upload Encrypted Key Material and Import Token

After encrypting the key material, you need to upload it together with the import token.

About this task

A CMK can hold only one key material. When you import key material into a CMK, that key material is associated with the CMK. If the key material is later deleted or expires, you can re-import only the same key material; no other key material can be imported. To rotate a CMK that uses external key material, create a new CMK and import new key material into it.

Procedure

  1. Log in to the Key Management Service Console.
  2. In the left navigation pane, click Keys > Customer managed keys.
  3. On the Customer management key page, click the ID of the target CMK.
    Note: You can import key material only into a CMK whose status is PENDING_IMPORT.
  4. On the Key Detail page, click Import Key’s Data at the bottom.
  5. On the Import key files page that opens, import the key material and import token.
    • Encrypt key files: Click Select files to select the key material that has been encrypted in the Encrypt Key Material step.
    • Import Token: Click Select files to select the import token that was generated in the Get Parameters for Import step.
    • Expiry date of key files:
      • Never Expire: The imported key material never expires.
      • Expiry Date: You can specify an expiration time for the key material. The key material is valid for 24 hours by default. When the key material expires, KMS automatically deletes it within 24 hours. After the key material is deleted, the corresponding CMK is unusable. The status of the CMK becomes PENDING_IMPORT. You can reuse the CMK by reimporting the same key material. You are responsible for keeping a copy of your key material.
  6. Click Confirm.
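
An operator-side pre-flight check for the re-import rule and expiry behavior described above, as an added example that is not part of the original page or of the KMS product: it records a SHA-256 fingerprint of the plaintext key material at first import and verifies a backup copy against it before the copy is re-encrypted and uploaded. The record layout, function names and state labels are assumptions; the key material is assumed to be high-entropy random bytes, so storing its hash does not expose it.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

DELETION_WINDOW = timedelta(hours=24)  # page: KMS deletes expired material within 24 hours


@dataclass(frozen=True)
class ImportRecord:
    cmk_id: str                     # constructed placeholder, not a real CMK ID
    fingerprint: str                # SHA-256 of the plaintext key material, never the key itself
    expires_at: Optional[datetime]  # None models the "Never Expire" option


def fingerprint(material: bytes) -> str:
    return hashlib.sha256(material).hexdigest()


def record_first_import(cmk_id: str, material: bytes,
                        expires_at: Optional[datetime] = None) -> ImportRecord:
    """Call once, at the first import, and store the result next to the key backup."""
    return ImportRecord(cmk_id, fingerprint(material), expires_at)


def material_state(record: ImportRecord, now: datetime) -> str:
    """Place the imported material in the expiry lifecycle (state labels are hypothetical)."""
    if record.expires_at is None or now < record.expires_at:
        return "VALID"
    if now < record.expires_at + DELETION_WINDOW:
        return "EXPIRED_DELETION_PENDING"  # KMS may or may not have deleted it yet
    return "DELETED_REIMPORT_REQUIRED"     # CMK is back in PENDING_IMPORT


def preflight_reimport(record: ImportRecord, candidate: bytes, cmk_status: str) -> List[str]:
    """Return the reasons a re-import would fail; an empty list means proceed."""
    problems = []
    if cmk_status != "PENDING_IMPORT":
        problems.append(f"CMK status is {cmk_status}, not PENDING_IMPORT")
    # Constant-time comparison of the candidate's fingerprint with the recorded one.
    if not hmac.compare_digest(fingerprint(candidate), record.fingerprint):
        problems.append("candidate is not the key material originally imported")
    return problems
```

Run `preflight_reimport` on the retained copy before repeating the encryption step, so a wrong or corrupted backup is caught before upload.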