In addition to keys for the algorithms described in Algorithm Support, SDKMS can store “opaque” objects. An opaque object holds arbitrary data, which may or may not be sensitive. SDKMS does not perform cryptographic operations using opaque objects, but clients can fetch the value of an opaque object from SDKMS.

Possible uses of opaque objects include:
- Storing the TLS certificate associated with an RSA private key object
- Storing passwords or other non-cryptographic secrets
- Storing keys for algorithms not natively supported by SDKMS

Opaque objects can also be imported using the web interface.