Migrate Keys to Cloud KMS Without Rewriting any Code

Sam Ross-Gower
September 21, 2020

You can easily migrate cryptographic keys to the cloud without rewriting any code. In this video Dr. Graham Steel explains how to move to cloud cryptography easily and securely using Cryptosense Analyzer Platform (CAP). In this example we show how to move an enterprise Tomcat Java application to Amazon's AWS KMS. We will modernize the cryptography used by the application without having to rewrite any code.

First, we will discover all the cryptographic keys used by the application. To do this we attach an agent to the running application and record all the calls to the cryptographic libraries. We then look at the complete cryptography inventory provided by CAP and find the TLS private key that we want to migrate to the AWS KMS.

Next, we edit the config file in our Tomcat application and ask it to use a run-time agent provided by CAP to access the private TLS key from the AWS secret store.

If you have any questions about this, or want to see a personalized demo, let us know!