There are several ways to export SDKMS keys to major cloud providers that support BYOK for server-side encryption.
Download SDKMS CLI from here.
Azure Key Vault supports direct import of key material. Generate an exportable AES key in SDKMS and export its value to upload the key to Azure.
1. Create a 256-bit AES key in SDKMS with the
EXPORT key operation enabled.
$ python sdkms-cli create-key --obj-type AES --key-size 256 --name Azure-Cloud-Master-Key --exportable
2. Export this key on your application environment.
$ python sdkms-cli export-object --name Azure-Cloud-Master-Key
You have to choose to upload your key either as a software or hardware key depending on your requirement.