Key management overview
Stay organized with collections
Save and categorize content based on your preferences.
Improper key management is a major source of risk. To
address this risk, Tink offers:
- Built-in support for industry-leading options to help you secure your keys.
- A command line utility called Tinkey, which helps you
generate keys and work with Tink keysets.
Concretely, after you have selected a primitive and key type for your use case
(in the preceding I want to... section), follow these steps to manage your
keys:
Use an external Key Management System (KMS) like Google Cloud KMS, AWS KMS,
or HashiCorp Vault to protect your Tink-generated keys by:
Use Tink's APIs or Tinkey to generate an encrypted
keyset. After your keys have been encrypted,
you can store them wherever you want.
Rotate your keys to avoid the risk of
extensively reusing your keys.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2023-08-21 UTC.
[{
"type": "thumb-down",
"id": "missingTheInformationINeed",
"label":"Missing the information I need"
},{
"type": "thumb-down",
"id": "tooComplicatedTooManySteps",
"label":"Too complicated / too many steps"
},{
"type": "thumb-down",
"id": "outOfDate",
"label":"Out of date"
},{
"type": "thumb-down",
"id": "samplesCodeIssue",
"label":"Samples / code issue"
},{
"type": "thumb-down",
"id": "otherDown",
"label":"Other"
}]
[{
"type": "thumb-up",
"id": "easyToUnderstand",
"label":"Easy to understand"
},{
"type": "thumb-up",
"id": "solvedMyProblem",
"label":"Solved my problem"
},{
"type": "thumb-up",
"id": "otherUp",
"label":"Other"
}]
