

AWS Key Management Service - jeffbarr
https://aws.amazon.com/blogs/aws/new-key-management-service/

======
helper
This is cool and a lot cheaper than the HSM option. It's not entirely clear to
me what the API for using the keys will be. The white paper gives an example
of getting a plaintext key and encryption key for doing application level
encryption. Is there also a signature API?

It would be cool if you could build a certificate authority where the root
keys are stored in this service. That would require some ability to generate
signatures via the API.

------
jakozaur
Nice thing, but for some use case it can get very expensive. E.g. daily
rotated per customer key is 365$ per year. If you have many small customers
that can cost more than all other hosting costs.

