Category: Key Management Service (KMS)

This is a PHP example of what AWS calls envelope encryption. Really this is just a way to use a key hierarchy rooted at a key management service (KMS) key. We'll use PHP 7.2's libsodium support (via paragonie/sodium_compat). The idea is that you have a customer master key that lives in KMS - this never… Continue reading AWS Key Management Service Envelope Encryption in PHP →