Encryption

Modyo uses AWS Key Management Service (KMS) (opens new window) managed encryption for the secure encryption of all information in object repositories and data volumes managed for the client.

Keys managed by AWS KMS are generated using the AES 256 standard and have an automatic annual regeneration cycle, eliminating the need for manual actions to renew and update resources with the new keys.

Modyo configures independent AWS KMS keys for each resource. By default, AWS is delegated the complete generation and management of encryption keys. If a client wishes, externally managed keys can be incorporated into the service through the AWS CloudHSM (opens new window) module.

Activation Steps

The encryption provided by AWS KMS managed keys is active by default in all AWS S3 object repositories and data volumes in AWS RDS and OpenSearch, so it does not require activation.

If the incorporation of an externally managed key through AWS CloudHSM is required, it must be notified via a requirement ticket in the Modyo Support Center, indicating the reason and the key management plan (implementation, renewals, etc.).

Key Rotation

Customer-managed keys do not automatically rotate once a year like those generated by AWS KMS. Therefore, it is the client's responsibility to plan and request key rotation when required.