Hi everyone,
Im trying to encrypt data in my application level and store the encrypted data in a database then decrypted when needed.
I learnt that i need to keep my keys in a secure place such as aws kms.
Here is the problem:
If for any reason aws decided to lock me out of the account and i cant access the keys i will not be able to access my data.
Is there a soultion where i can keep a copy of the key locally but still use it with a service like aws kms?
Im traumatized by the idea of a third party having full control on a crusial aspect like this because last year i was locked out of my rds for like 5 days just for changing my payment details, so never again im giving any service provider such high power.
Thanks for any input.