Access a KMS-Encrypted Secret

Enable your Apono connector to read a KMS-encrypted AWS secret

Your Apono connector can read AWS secrets encrypted with Key Management Service (KMS). KMS-encrypted secrets offer several benefits:

  • Enhance security with strong encryption
  • Easily manage access to secrets using Identity Access Management (IAM) and KMS key policies
  • Record who has accessed your secrets, and when, with KMS' built-in auditing
  • Meet regulatory and compliance requirements by leveraging KMS encryption for sensitive data


For more information on KMS encryption, see Amazon’s documentation.


Item Description
AWS secret Credential information used for authentication and authorization within AWS services

Create an AWS secret.

Access a KMS-encrypted secret

Key-value tag editor in KMS

Key-value tag editor in KMS

Follow these steps to enable your Apono connector to read a KMS-encrypted secret:

  1. From the KMS main navigation, click Customer managed keys. A table appears with all self-managed keys.

  2. Select the key of an Apono-connected secret. The key configuration page appears.

  3. Under the Tags tab, click Add tag. A key-value editor appears.

  4. Add the following tag to your KMS encryption key:

    Tag keyapono-connector-access
    Tag valuetrue
  5. Click Save.

Your Apono connector can now read your AWS secret with KMS.