First, apologies if this is a very naive question.
My question: assuming I choose AWS CloudHSM KMS as my main key management solution, can I still keep using it (as a single source of trust in a fashion) if later I develop apps on Azure or Google Cloud?
Thanks.
CodePudding user response:
Yes, you can definitely keep on using AWS CloudHSM KMS even if you switch to Azure or Google Cloud. IMHO, it would be highly advisable to choose other cloud-native KMS services if you are going with a specific cloud provider.
For example, if you are moving to Google Cloud Platform, it would be highly advisable to switch to Cloud Key Management instead of making API calls to the KMS of other cloud providers.
The best way moving forward would be to move to a cloud-agnostic solution such as HashiCorp Vault, which allows us to create consistent patterns for storing secrets, as well as authenticating identities. These patterns stay roughly the same regardless of the ecosystem our services are being deployed into.
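An added illustration of the "consistent pattern" the answer above recommends, written for this page rather than taken from the answer, from HashiCorp Vault or from any cloud SDK: envelope encryption behind a small key-provider interface in Go. The application only ever calls Seal and Open; which KMS wraps the data key is an implementation detail of the provider, so moving from AWS KMS to Google Cloud KMS, Azure Key Vault or Vault Transit changes one adapter, not the application. The names KeyProvider, Envelope, Seal, Open and LocalProvider and the envelope layout are assumptions of this example. LocalProvider is an in-memory stand-in so the code runs offline; a real adapter would map GenerateDataKey/UnwrapDataKey onto, for instance, AWS KMS GenerateDataKey and Decrypt or Vault Transit's datakey and decrypt endpoints, and the root key would never leave the HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// KeyProvider is the only key-management surface the application sees; a real
// backend maps it onto AWS KMS GenerateDataKey/Decrypt or Vault Transit.
type KeyProvider interface {
	GenerateDataKey(keyID string) (plaintext, wrapped []byte, err error)
	UnwrapDataKey(keyID string, wrapped []byte) ([]byte, error)
}

type Envelope struct { // what the application persists (assumed layout)
	KeyID      string // root key that wrapped the data key
	WrappedKey []byte // nonce || AES-GCM(root key, data key)
	Ciphertext []byte // nonce || AES-GCM(data key, plaintext)
}

func aesGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback if the OS CSPRNG is unavailable
	}
	return b
}

// seal returns nonce || AES-256-GCM(key, plaintext) with aad authenticated.
func seal(key, aad, plaintext []byte) ([]byte, error) {
	aead, err := aesGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := mustRandom(aead.NonceSize())
	return append(nonce, aead.Seal(nil, nonce, plaintext, aad)...), nil
}

// open reverses seal and fails on any change to nonce, ciphertext or aad.
func open(key, aad, blob []byte) ([]byte, error) {
	aead, err := aesGCM(key)
	if err != nil {
		return nil, err
	}
	if ns := aead.NonceSize(); len(blob) >= ns {
		return aead.Open(nil, blob[:ns], blob[ns:], aad)
	}
	return nil, errors.New("ciphertext too short")
}

// Seal encrypts under a fresh data key and keeps only its wrapped copy; discard the envelope on error.
func Seal(p KeyProvider, keyID string, plaintext []byte) (*Envelope, error) {
	dk, wrapped, err := p.GenerateDataKey(keyID)
	if err != nil {
		return nil, err
	}
	ct, err := seal(dk, []byte(keyID), plaintext)
	return &Envelope{KeyID: keyID, WrappedKey: wrapped, Ciphertext: ct}, err
}

// Open asks the provider to unwrap the data key, then decrypts locally.
func Open(p KeyProvider, e *Envelope) ([]byte, error) {
	dk, err := p.UnwrapDataKey(e.KeyID, e.WrappedKey)
	if err != nil {
		return nil, err
	}
	return open(dk, []byte(e.KeyID), e.Ciphertext)
}

// LocalProvider holds 32-byte root keys in process memory so the flow runs
// offline; it stands in for a cloud KMS or Vault, which keep them in an HSM.
type LocalProvider map[string][]byte

func (p LocalProvider) GenerateDataKey(keyID string) ([]byte, []byte, error) {
	root, ok := p[keyID]
	if !ok {
		return nil, nil, errors.New("unknown key id: " + keyID)
	}
	dk := mustRandom(32)
	wrapped, err := seal(root, []byte(keyID), dk) // err only if root is malformed
	return dk, wrapped, err
}

func (p LocalProvider) UnwrapDataKey(keyID string, wrapped []byte) ([]byte, error) {
	root, ok := p[keyID]
	if !ok {
		return nil, errors.New("unknown key id: " + keyID)
	}
	return open(root, []byte(keyID), wrapped)
}
```

The key ID is bound as associated data on both the wrapped key and the data ciphertext, so an envelope cannot be silently re-pointed at a different root key: unwrapping under the wrong key, an unknown key ID, a flipped ciphertext bit or a truncated blob all fail closed. Swapping LocalProvider for a cloud adapter leaves Seal, Open and the stored Envelope untouched, which is exactly what makes the pattern portable between clouds.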