https://aws.amazon.com/polly/ I am excited to announce the availability of https://aws.amazon.com/kms/ External Key Store. This new capability allows you to store AWS KMS https://docs.aws.amazon.com/kms/latest/developerguide on a https://en.wikipedia.org/wiki/Hardware_security_module (HSM) that you operate on premises or at any location of your choice.
To protect data encryption keys, the service also requests that AWS KMS encrypts that key with a specific KMS customer managed key, also known as a root key.
All AWS KMS interactions with the external HSM are mediated by an external key store proxy (XKS proxy), a proxy that you provide, and you manage.
Once you have completed the setup of your XKS proxy and HSM, you can create a corresponding external key store resource in KMS.