Content

STACKIT Key Management Service („KMS“) is a managed service that simplifies the creation, management, and use of cryptographic keys. It allows to perform cryptographic operations securely and efficiently. The KMS API simplifies to integrate key management into applications and workflows.

FAQ

Can I bring my own key?

Yes! During the creation of the key / key version you can decide if it should be generated or imported.

What kind of encryption algorithms are supported?

The Key Management System currently supports: aes_256_gcm rsa_2048_oaep_sha256 rsa_3072_oaep_sha256 rsa_4096_oaep_sha256 rsa_4096_oaep_sha512

Can I export my generated encryption keys?

No, the export of encryption keys is not intended.

Latest updates

• deprecated

  Deprecation of KMS API version v1beta

  3. Sept. 2025

  After the successful General Availability (GA) release of the STACKIT Key Management Service (KMS), we would like to inform you that the KMS API v1beta is deprecated and will be removed after October 15, 2025. If you are still using the KMS API v1beta we advise you to migrate to the KMS API v1.

  Breaking changes between v1beta and v1:

  • Post Key Ring has a different return code on success (202, was 201)
  • Post Wrapping Key has a different return code on success (202, was 200)
  • Post Key has a different return code on success (202, was 200)
  • Post Key Rotate has a different return code on success (202, was 200)
  • Post Key Restore has a different return code on success (204, was 200)
  • Post Key Import has a different return code on success (202, was 200)
  • A field in the Wrapping Key Structure has been renamed (protection, was backend)
  • A field in the Key Structure has been renamed (protection, was backend)

  Our Help Center is always at your disposal if you have any questions.

• announcement

  STACKIT Key Management Service is now available

  2. Sept. 2025

  We are happy to announce the release of our brand new STACKIT Key Management Service (KMS).

  KMS is a STACKIT managed service that simplifies the creation, management, and use of cryptographic keys, allowing you to perform cryptographic operations securely and efficiently.

  The KMS API simplifies the integration of key management into your applications and workflows.

  Key Features:

  Generate cryptographic keys of the following variants: AES-256, RSA-2048, RSA-3072, RSA-4096 Bring your own keys by uploading them to KMS Key Rotation Enables the encryption and decryption of customer data with keys stored in KMS For more information and detailed documentation, please visit our documentation.

  Our Help Center is always at your disposal if you have any questions.

• announcement

  STACKIT Key Management Service is now available as beta version

  1. Apr. 2025

  We are happy to announce the beta release of our brand new STACKIT Key Management Service (KMS).

  KMS is a STACKIT managed service that simplifies the creation, management, and use of cryptographic keys, allowing you to perform cryptographic operations securely and efficiently.

  The KMS API simplifies the integration of key management into your applications and workflows.

  Key Features:

  Generate cryptographic keys of the following variants: AES-256, RSA-2048, RSA-3072, RSA-4096 Bring your own keys by uploading them to KMS Key Rotation Enables the encryption and decryption of customer data with keys stored in KMS If you have any questions, please feel free to contact us via support ticket.

KMS Release notes