KeyControl Vault and AWS XKS (HYOK) Limitations

There are some limitations with the current release:

• Currently only 256-bit AES keys are supported by AWS.

• Amazon recommends a round-trip time latency of under 35 milliseconds between the AWS region and the KeyControl.

• The maximum request time out in KMS is set to 250 milliseconds.

• External key stores are supported in MOST AWS Regions in which AWS KMS is supported. Prior to selecting the region make sure XKS is supported in that region.

• Only XKS Public endpoint connection option is supported.

• Only OVA image is provided for beta release.