KMS

Content

Basics

Understand the basic architecture of KMS, learn about key features and how to use the service efficiently.

How-tos

Manage instances, keys, and backups.

FAQ

Quickly find answers to frequently asked questions about KMS.

Release notes

Discover what's new in KMS, including added features, bug fixes and deprecation notices.

Features

STACKIT Key Management Service („KMS“) is a managed service that simplifies the creation, management, and use of cryptographic keys. It allows to perform cryptographic operations securely and efficiently. The KMS API simplifies to integrate key management into applications and workflows.

FAQ

Can I bring my own key?

Yes! During the creation of the key / key version you can decide if it should be generated or imported.

What kind of encryption algorithms are supported?

The Key Management System currently supports: aes_256_gcm rsa_2048_oaep_sha256 rsa_3072_oaep_sha256 rsa_4096_oaep_sha256 rsa_4096_oaep_sha512

Can I export my generated encryption keys?

No, the export of encryption keys is not intended.

Latest updates

• announcement

  STACKIT KMS is now available in Region EU02

  Apr 7, 2026

  We are excited to announce that the STACKIT Key Management Service (KMS) is now officially available in our EU02 region. This expansion provides you with greater flexibility to manage your cryptographic keys and protect sensitive data within our second geographic location. By making KMS available in EU02, you can now ensure your encryption keys remain close to your regional workloads for optimal performance and local data residency. Key highlights of this release:

  • Geographic Flexibility: Deploy and manage your KMS instances directly in EU02 to support your regional infrastructure.
  • Low Latency: Minimize response times for cryptographic operations by hosting keys in the same region as your integrated STACKIT services.
  • Full Feature Parity: Access the same robust security features, key lifecycle management, and portal integration you currently utilize in our primary region.

  For more information on getting started, please visit our Help Center or refer to the STACKIT KMS Documentation.

• deprecated

  Deprecation of KMS API version v1beta

  Sep 3, 2025

  After the successful General Availability (GA) release of the STACKIT Key Management Service (KMS), we would like to inform you that the KMS API v1beta is deprecated and will be removed after 15 October 2025. If you are still using the KMS API v1beta we advise you to migrate to the KMS API v1.

  Breaking changes between v1beta and v1:

  • Post Key Ring has a different return code on success (202, was 201)
  • Post Wrapping Key has a different return code on success (202, was 200)
  • Post Key has a different return code on success (202, was 200)
  • Post Key Rotate has a different return code on success (202, was 200)
  • Post Key Restore has a different return code on success (204, was 200)
  • Post Key Import has a different return code on success (202, was 200)
  • A field in the Wrapping Key Structure has been renamed (protection, was backend)
  • A field in the Key Structure has been renamed (protection, was backend)

  Our Help Center is always at your disposal if you have any questions.

• announcement

  STACKIT Key Management Service is now available

  Sep 2, 2025

  We are happy to announce the release of our brand new STACKIT Key Management Service (KMS).

  KMS is a STACKIT managed service that simplifies the creation, management, and use of cryptographic keys, allowing you to perform cryptographic operations securely and efficiently.

  The KMS API simplifies the integration of key management into your applications and workflows.

  Key Features:

  Generate cryptographic keys of the following variants: AES-256, RSA-2048, RSA-3072, RSA-4096 Bring your own keys by uploading them to KMS Key Rotation Enables the encryption and decryption of customer data with keys stored in KMS For more information and detailed documentation, please visit our documentation.

  Our Help Center is always at your disposal if you have any questions.

KMS Release notes