# KMS key types
Each KMS key has a fixed key type set at creation. The key type determines which operations are supported. Choose the type based on your use case before you create the key; key types cannot be changed after creation.
## Supported key types

| Key type | Encrypt / decrypt | Sign / verify | HMAC | Public key export | BYOK import |
|---|---|---|---|---|---|
| aes128-gcm96 | ✓ | — | — | — | ✓ |
| aes256-gcm96 (default) | ✓ | — | — | — | ✓ |
| chacha20-poly1305 | ✓ | — | — | — | ✓ |
| rsa-2048 | ✓ | ✓ | — | ✓ | ✓ |
| rsa-3072 | ✓ | ✓ | — | ✓ | ✓ |
| rsa-4096 | ✓ | ✓ | — | ✓ | ✓ |
| ecdsa-p256 | — | ✓ | — | ✓ | ✓ |
| ecdsa-p384 | — | ✓ | — | ✓ | ✓ |
| ecdsa-p521 | — | ✓ | — | ✓ | ✓ |
| ed25519 | — | ✓ | — | ✓ | ✓ |
| hmac | — | — | ✓ | — | ✗ |
| hmac-sha256 | — | — | ✓ | — | ✗ |
| hmac-sha512 | — | — | ✓ | — | ✗ |
## Use case guidance

### Volume and secrets encryption

Use symmetric key types for encrypting data at rest, secrets, and envelope encryption workflows:

- aes256-gcm96 — Recommended default for most encryption use cases
- aes128-gcm96 — Lower key size when policy allows
- chacha20-poly1305 — Alternative symmetric cipher
Symmetric keys support convergent encryption: the same plaintext and encryption context can produce the same ciphertext. This can be useful for deduplication, but it requires careful context design, because equal ciphertexts then reveal that the underlying plaintexts are equal.
### DNSSEC and document signing

Use asymmetric signing key types:

- ecdsa-p256 — Recommended for DNSSEC; Thalassa DNS auto-provisions this type when you enable DNSSEC without specifying a key
- ecdsa-p384 / ecdsa-p521 — Higher-strength ECDSA curves
- rsa-2048 / rsa-3072 / rsa-4096 — RSA signing where required by policy or integrations
- ed25519 — Compact signatures for application attestation and modern signing workflows
### Message authentication

Use HMAC key types when you need to generate or verify message authentication codes:

- hmac — Default HMAC algorithm
- hmac-sha256 / hmac-sha512 — Explicit hash functions
HMAC keys cannot be imported via BYOK.
### Small-payload RSA encryption
RSA key types support direct encrypt and decrypt for small payloads only. RSA-2048 has an effective plaintext limit of approximately 190 bytes. For bulk data, use symmetric keys with envelope encryption instead.
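The following Go program is an added example, not code from this page or from the Thalassa KMS itself; it uses the Go standard library in place of the KMS API to show the two paths the paragraph contrasts: a guarded direct RSA encrypt that enforces the RSA-2048 plaintext limit (exactly 190 bytes under the assumption of OAEP with SHA-256), and envelope encryption in which only a 32-byte AES-256-GCM data key goes through RSA. The names Envelope, Seal, RSAEncrypt and OAEPMaxPlaintext are this example's own, and the key, payload and aad are constructed locally.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope: data key wrapped with RSA-OAEP, plus the AES-256-GCM nonce and ciphertext (tag appended).
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }
// OAEPMaxPlaintext: RSA-OAEP with SHA-256 accepts at most k - 2*hLen - 2 bytes, i.e. 190 for RSA-2048.
func OAEPMaxPlaintext(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }
// RSAEncrypt is the direct small-payload path; oversized input fails up front with a usable message.
func RSAEncrypt(pub *rsa.PublicKey, pt []byte) ([]byte, error) {
	if limit := OAEPMaxPlaintext(pub); len(pt) > limit {
		return nil, fmt.Errorf("%d bytes exceeds RSA-OAEP limit of %d; use envelope encryption", len(pt), limit)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, pt, nil)
}
// Seal is envelope encryption: a fresh 32-byte data key encrypts the bulk payload under AES-256-GCM with
// a 96-bit nonce (the "gcm96"); only that key goes through RSA. aad is the encryption context: authenticated,
// not encrypted, and the same bytes must be supplied again to open the envelope.
func Seal(pub *rsa.PublicKey, pt, aad []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // data key || nonce, both fresh for every call
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(buf[:32])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	wrapped, err := RSAEncrypt(pub, buf[:32]) // 32 bytes: far below the 190-byte limit
	if err != nil {
		return nil, err
	}
	return &Envelope{wrapped, buf[32:], aead.Seal(nil, buf[32:], pt, aad)}, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // demo key; a KMS never releases its private half
	env, err := Seal(&priv.PublicKey, make([]byte, 4096), []byte("tenant=acme")) // constructed 4 KiB payload
	fmt.Println(err, len(env.WrappedKey), len(env.Ciphertext)) // <nil> 256 4112
}
```

To open an envelope, unwrap WrappedKey with rsa.DecryptOAEP using the same SHA-256 hash, rebuild AES-256-GCM from the 32-byte result, and call Open with the stored nonce and the identical aad; a tampered ciphertext or a different context fails authentication there.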
### Public key workflows
RSA, ECDSA, and Ed25519 keys support public key export via GET …/public-key. Use exported public keys for offline signature verification or client-side RSA encryption. Public key export does not require the exportAllowed flag.
## Choosing a default
| Scenario | Recommended key type |
|---|---|
| Application secrets and envelope encryption | aes256-gcm96 |
| DNS zone signing | ecdsa-p256 |
| API request signing / webhooks | hmac-sha256 or ed25519 |
| Code signing with RSA requirement | rsa-3072 or rsa-4096 |
| Regulatory BYOK symmetric key | Match your source material (typically aes256-gcm96) |
See Creating keys to create a key with your chosen type, and Sign, verify, and HMAC for operation details per type.