Enabling bring your own key (BYOK) for OSD and ROSA clusters on AWS

Updated -


  • AWS account that meets the requirements for a Customer Cloud Subscription (CCS) cluster.
  • AWS Key Management Service (KMS) policy that grants the IAM master role access to the KMS key.

To use your own encryption key to encrypt the Amazon Elastic Block Store (EBS) volumes used by your cluster, you must configure the default EBS ...

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In