Importing the Wrapped CMK to AWS KMS: CLI | Utimaco Integration Guides

Use the AWS CLI to import the wrapped key to your AWS KMS.

Execute the following command to import the BYOK key:

›_ Console
`> aws kms import-key-material --key-id <KeyId> --encrypted-key-material fileb://<path to wrappedkey.byok> --import-token fileb://<path to ImportToken.bin> --expiration-model <decide expiration model> --region <region>`

›_ Console

> aws kms import-key-material --key-id <KeyId> --encrypted-key-material fileb://<path to 
wrappedkey.byok>  --import-token fileb://<path to ImportToken.bin> --expiration-model <decide
expiration model> --region <region>

Verify that the import was successful by using the key ID to encrypt a small file.

›_ Console
`> aws kms encrypt --key-id <KeyId> --plaintext file://<path to a small file> --region <region>`

You can also check if the key is visible on your KMS portal.