In software development it is a norm to secure your credentials, tokens, and any other confidential stuff, usually by encrypting them. As the cloud computing and cloud services are booming now, it is good to store the confidential data into a cloud service, which encrypts and decrypts it, and offer seamless integration with other services such as Database, and Server. One such service is AWS KMS.
Amazon Web Services offer many cloud services for an application to deploy, manage any applications (web or serverless or etc). KMS is also a service provided by AWS, which is used to encrypt username and password of the database, EC2 instance and any other data configuration properties.
AWS KMS provides AWS Managed keys which can be used to encrypt and decrypt data. These are read only meaning, these can be used to encrypt or decrypt but you cannot change the algorithm, type of key and rotation period. To be able to do all these, you might have to create a customer managed key which allows you to do changes, such as IAM stuff.
To configure a key in AWS KMS, follow the instructions below:
Login to AWS, and open Key Management Service.
Click on Create Key
Based on your requirement, select either Symmetric Key or Asymmetric key.
Select the KMS Options, give alias and description. Click on next.
Here you need to select the admin of the key who can edit the key, change the IAM policy and assign users. But the admin cannot use this key to encrypt or decrypt unless added to IAM policy
Assign the users who can use this key to encrypt or decrypt. The user can be an admin of the key too. There is no restriction to that.
Once everything is configured, aws will provide you this key where ever it is applicable.
The above steps explains for Symmetric Key
Please feel free to comment, or start a discussion in discussion forum. Please feel free to correct me if I'm wrong.