AWS Key Management Service vs Keywhiz: What are the differences?
AWS Key Management Service: Easily create and control the encryption keys used to encrypt your data. AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with other AWS services including Amazon EBS, Amazon S3, and Amazon Redshift. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

Keywhiz: A system for distributing and managing secrets. Keywhiz is a secret management and distribution service that is now available for everyone. Keywhiz helps us with infrastructure secrets, including TLS certificates and keys, GPG keyrings, symmetric keys, database credentials, API tokens, and SSH keys for external services — and even some non-secrets like TLS trust stores. Automation with Keywhiz allows us to seamlessly distribute and generate the necessary secrets for our services, which provides a consistent and secure environment, and ultimately helps us ship faster.
AWS Key Management Service can be classified as a tool in the "Data Security Services" category, while Keywhiz is grouped under "Secrets Management".
Some of the features offered by AWS Key Management Service are:
- Centralized Key Management
- Integrated with AWS services
- Encryption for all your applications
On the other hand, Keywhiz provides the following key features:
- Keywhiz Server provides JSON APIs for accessing and managing secrets. It is written in Java and based on Dropwizard.
- KeywhizFs is a FUSE-based file system, providing secrets as if they are files in a directory. Transparently, secrets are retrieved from a Keywhiz Server using mTLS with a client certificate.
- Presenting secrets as files makes Keywhiz compatible with nearly all software. Outside of Keywhiz administration, consumers of secrets only have to know how to read a file.
Keywhiz is an open source tool with 2.09K GitHub stars and 166 GitHub forks.