Encryption Keys
Managed encryption keys for encrypting cloud resources across the MetaCloud.
Overview
Encryption Keys are MetaCloud artifacts that map to cloud-managed encryption keys (e.g., AWS KMS keys). They are used to encrypt storage volumes, snapshots, file systems, and machine images across your cloud accounts.
Encryption keys can be created directly in RosettaHub or retrieved from existing cloud accounts via your Cloud Keys.
Encrypted Resources
Encryption keys are referenced by the following MetaCloud artifacts:
| Artifact | Description |
|---|---|
| Block Storage | Encrypt EBS volumes, Azure Managed Disks, Persistent Disks |
| Block Snapshots | Encrypt snapshots of block storage volumes |
| File Storage | Encrypt EFS file systems and other network-attached storage |
| Machine Images | Encrypt AMIs and other machine images |
Key Attributes
| Attribute | Description |
|---|---|
| Encryption Key ID | The cloud provider's key identifier |
| Key Spec | Key specification (e.g., SYMMETRIC_DEFAULT, RSA_2048) |
| Key Usage | How the key is used (e.g., ENCRYPT_DECRYPT) |
Actions
| Action | Description |
|---|---|
| Create Encryption Key | Create a new encryption key on a cloud account |
| Retrieve Encryption Keys | Import existing encryption keys from a cloud account via Cloud Key |
| Share | Grant access to users, groups, or organizations |
| Customize | Update label and metadata |
| Delete | Remove the encryption key from RosettaHub |
Working with Encryption Keys
Creating an Encryption Key
- Open the Encryption Keys panel
- Click Create Encryption Key
- Select the cloud account and region
- Configure label and description
- The key is created on the cloud provider and registered in RosettaHub
Retrieving Existing Keys
- Select a Cloud Key in the Keys panel
- Right-click and choose Retrieve Encryption Keys
- Existing cloud encryption keys are mapped to the Encryption Keys panel
Using Encryption Keys
When creating or configuring encrypted resources (block storage, file storage, snapshots, images), select an encryption key from your available keys. The cloud provider handles the encryption/decryption transparently.
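A check you could run over retrieved key records before selecting one for storage encryption, as an added example that is not RosettaHub code. It assumes the keys are AWS KMS keys, uses the AWS KMS attribute names and values (`KeySpec`, `KeyUsage`, `KeyState`), and relies on the AWS rule that storage services such as EBS and EFS accept only symmetric encryption keys; the key IDs are constructed.

```python
# Attribute names and values follow AWS KMS key metadata (assumption: the
# retrieved keys are AWS KMS keys). All key IDs below are constructed samples.
SAMPLE_KEYS = [
    {"KeyId": "sample-sym-enabled", "KeySpec": "SYMMETRIC_DEFAULT",
     "KeyUsage": "ENCRYPT_DECRYPT", "KeyState": "Enabled"},
    {"KeyId": "sample-rsa-encrypt", "KeySpec": "RSA_2048",
     "KeyUsage": "ENCRYPT_DECRYPT", "KeyState": "Enabled"},
    {"KeyId": "sample-rsa-sign", "KeySpec": "RSA_2048",
     "KeyUsage": "SIGN_VERIFY", "KeyState": "Enabled"},
    {"KeyId": "sample-sym-pending", "KeySpec": "SYMMETRIC_DEFAULT",
     "KeyUsage": "ENCRYPT_DECRYPT", "KeyState": "PendingDeletion"},
]


def storage_key_problems(key):
    """Return the reasons a key should not be selected for volume,
    snapshot, file system or image encryption (empty list = usable)."""
    problems = []
    # Storage services encrypt with symmetric keys only; an RSA key is
    # rejected even when its usage is ENCRYPT_DECRYPT.
    if key.get("KeySpec") != "SYMMETRIC_DEFAULT":
        problems.append("key spec %s is not symmetric" % key.get("KeySpec"))
    if key.get("KeyUsage") != "ENCRYPT_DECRYPT":
        problems.append("key usage %s cannot encrypt data" % key.get("KeyUsage"))
    # A disabled or deletion-pending key makes resources encrypted under it
    # unreadable, so only keys in the Enabled state pass.
    if key.get("KeyState") != "Enabled":
        problems.append("key state is %s" % key.get("KeyState"))
    return problems


def usable_for_storage(keys):
    """Return the IDs of keys with no problems, preserving input order."""
    return [k["KeyId"] for k in keys if not storage_key_problems(k)]


if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        issues = storage_key_problems(key)
        print(key["KeyId"], "OK" if not issues else "; ".join(issues))
```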
Related Topics
- Cloud Keys -- Retrieve encryption keys from cloud accounts
- Block Storage -- Encrypt disk volumes
- Block Snapshots -- Encrypt volume snapshots
- File Storage -- Encrypt network file systems
- Images -- Encrypt machine images