AWS Secrets Manager KMS
The platform supports AWS Secrets Manager as a key management system (KMS).
Create a KMS Key to Be Used by the AWS Secrets Manager
Note
This is optional but recommended for production environments.
To learn more: AWS Documentation: Creating symmetric CMKs
Open AWS Key Management Service (KMS) and create a symmetric key.
Define the administrative permissions. Select an admin user who can manage and rotate the key, if needed.
Define the key usage permissions. This needs to be a role with permissions to the data processor. You can provide permissions to the same role to which you provided access to AWS Secrets Manager.
Create the key and make note of the key ID. You will use this key ID when you configure the KMS environment in Policy Manager.
AWS Secrets Manager KMS Configuration
To configure AWS Secrets Manager as the KMS in the Policy Manager:
In the Environments settings, click the Key Management tab.
Key Management System—Select "AWS Secrets Manager."
AWS Region—Set this to the AWS region that you will use to access the AWS Secrets Manager, for example, us-west-2. To ensure consistent hashing, it is important to use AWS Secrets Manager from the same region. If the region is not defined, the Privitar processing engine will use the default region of the component that runs it (for example, a POD, a Hadoop node, or the SDK), which might be subject to change.
AWS Endpoint—Set this to the URL of the AWS endpoint that is used to make a private connection between your VPC and AWS Secrets Manager. When you use a VPC service endpoint, communication between your VPC and Secrets Manager occurs entirely within the AWS network and requires no public Internet access. For security, we recommend that you create this endpoint. For more information, see AWS Secrets Manager - User Guide.
AWS KMS Key—We recommend defining a master key that AWS Secrets Manager will use to protect every secret that it stores. For more information, see AWS KMS Developer Guide.
AWS Secrets tags—Enter the tags that will be attached to any secrets created by the Privitar Platform.
NOVLT Key Name—Enter the key name.
For AWS Secrets Manager in Glue Environments, you cannot configure the KMS through the user interface or an API. The configuration will be as follows:
AWS Region—Always the same as the region of the Glue environment
AWS Endpoint—The default endpoint (not configurable for Glue environments)
AWS KMS Key—The AWS account's default customer master key (CMK) for the region, the one named aws/secretsmanager
AWS Secrets tags—Tags are the ones provided to CloudFormation as the TAGS parameter