The original post: /r/cybersecurity by /u/mohusein on 2024-10-12 22:11:40.

Hi everyone,

I'm trying to encrypt data at the application level, store the encrypted data in a database, and then decrypt it when needed.

I learnt that I need to keep my keys in a secure place such as AWS KMS.

Here is the problem: if for any reason AWS decided to lock me out of the account and I can't access the keys, I will not be able to access my data.

Is there a solution where I can keep a copy of the key locally but still use it with a service like AWS KMS?

I'm traumatized by the idea of a third party having full control over a crucial aspect like this, because last year I was locked out of my RDS for like 5 days just for changing my payment details, so never again am I giving any service provider such high power.

Thanks for any input.