AWS sap documentation change
Summary
Updated HYOK scenario table structure, added key revocation capability, and corrected image reference from BYOK to HYOK
Security assessment
The change adds documentation about key revocation capabilities (disable/unregister keys) which is a security feature enhancement. No evidence of addressing a specific vulnerability.
Diff
diff --git a/sap/latest/general/aws-kms.md b/sap/latest/general/aws-kms.md index 83d983b1b..87013a498 100644 --- a//sap/latest/general/aws-kms.md +++ b//sap/latest/general/aws-kms.md @@ -15,3 +15,5 @@ This integration allows customers to manage and control the encryption keys used -Area | AWS KMS (HYOK Scenario) | Supported Key Types and Key Sizes ----|---|--- -AES (256), RSA (3072, 4096) | Key Management | Key is created and stored in AWS KMS keystore +Area | AWS KMS (HYOK Scenario) +---|--- +Supported Key Types and Key Sizes | AES (256), RSA (3072, 4096) +Key Management | Key is created and stored in AWS KMS keystore +Key Revocation | Key can be disabled or unregistered at any time @@ -21 +23 @@ Below is the SAP KMS integration with AWS KMS - HYOK - +