This document outlines the cryptographic key management policy in use at MailSlurp, with particular focus on the lifecycle of keys managed by AWS Key Management Service (KMS) using AES-256 encryption. Our policy ensures that cryptographic materials are generated, stored, distributed, rotated, and retired in accordance with industry standards and regulatory requirements.

1. Scope and Objectives

  • Scope: All cryptographic keys and related operations used to protect MailSlurp systems, data, and infrastructure.
  • Objective: To guarantee the confidentiality, integrity, and availability of sensitive information by implementing robust key management procedures.

2. Key Generation

  • AWS KMS: We leverage AWS KMS to generate and store symmetric AES-256 keys. KMS performs encryption with AES-256-GCM inside the service; key material is never exported from KMS in plaintext.
  • Entropy Source: Key material is generated inside AWS KMS's FIPS 140 validated hardware security modules using their validated random number generators, ensuring a high level of entropy.

3. Key Storage

  • Secure Storage: Keys are stored in AWS KMS, where the key material resides in Amazon's FIPS 140 validated hardware security modules (HSMs) and is never returned to callers in plaintext.
  • Access Controls: Permissions to manage and use keys are strictly limited to authorized roles. Policies enforce the principle of least privilege, ensuring only vetted services or individuals can perform key operations.

4. Key Distribution and Usage

  • AWS KMS Integration: All encryption and decryption tasks are performed via AWS KMS API calls, so the KMS key material itself is never distributed to application hosts and there is no manual key distribution.
  • Service-Based Policies: Application services accessing KMS keys require explicit IAM policies. Non-compliant or unauthorized services are denied access.
  • Encryption Standards: Data at rest is encrypted with AES-256; data in transit is encrypted with TLS 1.2 or higher, consistent with industry best practices.

5. Key Rotation

  • Automatic Rotation: We enable AWS KMS automatic key rotation in line with recommended rotation periods (by default once per year). Rotation generates new backing key material for the same key ID and alias; KMS retains the previous material so that existing ciphertexts remain decryptable, and callers need no changes. Existing data is not re-encrypted by rotation.
  • Manual Rotation: Exceptional rotations (e.g., post-incident or per regulatory requirement) are performed under a documented change management process, ensuring minimal service disruption and robust audit trails.

6. Key Compromise and Revocation

  • Detection: Indicators of compromise (IoCs) trigger an incident response procedure. We monitor system logs, alerts, and intrusion detection signals for suspicious key usage.
  • Revocation: In the event of suspected key compromise, we immediately disable the affected KMS key (which blocks all further Encrypt and Decrypt calls) or retire it by creating a replacement key and repointing the key alias to it. Incident response protocols ensure all dependent systems quickly update their references to the replacement key and re-encrypt data that was protected by the compromised key.

7. Auditing and Logging

  • Audit Logs: AWS CloudTrail records every KMS API call, including key creation, rotation, disabling and deletion events as well as each Encrypt, Decrypt and GenerateDataKey request, together with the calling principal and whether the call was denied. These logs are retained according to our data retention policy.
  • Periodic Reviews: Security and compliance teams review logs regularly to confirm adherence to key usage policies, identify anomalies, and detect unauthorized access attempts.
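As an added illustration of the detection (section 6) and log review (section 7) controls above, not MailSlurp's own tooling: the script below walks a set of CloudTrail records for KMS API activity and flags key usage by principals outside an allowlist, administrative actions (disable, delete, policy change) by non-administrators, and repeated AccessDenied attempts. The key ARN, role names, allowlists and log records are constructed for the example; the record field names (eventSource, eventName, userIdentity, resources, errorCode) are the standard CloudTrail ones.

```python
"""Review CloudTrail records of AWS KMS API activity against a usage allowlist.

Added example, not MailSlurp's tooling. Key ARN, role names and the log
records below are constructed for illustration.
"""
import json
from collections import Counter

# Hypothetical key and principals (assumptions, not taken from the policy).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/0000aaaa-bbbb-cccc-dddd-eeeeffff0000"
USE_ALLOWED = {"arn:aws:iam::111122223333:role/mail-api-role"}      # may Encrypt/Decrypt
ADMIN_ALLOWED = {"arn:aws:iam::111122223333:role/kms-admin-role"}   # may manage the key

# KMS API operations grouped by the privilege they require.
USE_EVENTS = {"Encrypt", "Decrypt", "GenerateDataKey",
              "GenerateDataKeyWithoutPlaintext", "ReEncrypt"}
ADMIN_EVENTS = {"DisableKey", "ScheduleKeyDeletion", "PutKeyPolicy",
                "CreateGrant", "DisableKeyRotation"}

def principal_of(event):
    """Return the IAM role or user behind a call, collapsing assumed-role sessions."""
    ident = event.get("userIdentity") or {}
    issuer = (ident.get("sessionContext") or {}).get("sessionIssuer") or {}
    return issuer.get("arn") or ident.get("arn", "unknown")

def key_of(event):
    """Return the KMS key ARN a record refers to (resources block, else keyId param)."""
    for res in event.get("resources") or []:
        if res.get("type") == "AWS::KMS::Key":
            return res.get("ARN")
    return (event.get("requestParameters") or {}).get("keyId")

def review_kms_events(events, use_allowed, admin_allowed, key_arn, denied_threshold=3):
    """Return a list of (severity, message) findings for one key."""
    findings, denied = [], Counter()
    for ev in events:
        if ev.get("eventSource") != "kms.amazonaws.com" or key_of(ev) != key_arn:
            continue
        name, who, when = ev["eventName"], principal_of(ev), ev.get("eventTime")
        if ev.get("errorCode") == "AccessDenied":
            denied[who] += 1          # counted, reported once per principal below
            continue
        if name in USE_EVENTS and who not in use_allowed:
            findings.append(("HIGH", f"{name} by unlisted principal {who} at {when}"))
        elif name in ADMIN_EVENTS and who not in admin_allowed:
            findings.append(("CRITICAL", f"{name} by non-admin {who} at {when}"))
    for who, n in denied.items():
        if n >= denied_threshold:
            findings.append(("MEDIUM", f"{n} AccessDenied KMS calls by {who}"))
    return findings

def _rec(name, role_arn, key=KEY_ARN, err=None, t="2024-05-01T10:00:00Z"):
    """Build a constructed CloudTrail-shaped record for an assumed-role session."""
    rec = {"eventSource": "kms.amazonaws.com", "eventName": name, "eventTime": t,
           "userIdentity": {"type": "AssumedRole",
                            "arn": role_arn.replace(":iam::", ":sts::").replace("role/", "assumed-role/") + "/s1",
                            "sessionContext": {"sessionIssuer": {"arn": role_arn}}},
           "resources": [{"type": "AWS::KMS::Key", "ARN": key}]}
    if err:
        rec["errorCode"] = err
    return rec

# Constructed sample log: one record per line, as CloudTrail delivers them.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    _rec("Decrypt", "arn:aws:iam::111122223333:role/mail-api-role"),
    _rec("Decrypt", "arn:aws:iam::111122223333:role/ops-debug-role"),
    _rec("DisableKey", "arn:aws:iam::111122223333:role/kms-admin-role"),
    _rec("ScheduleKeyDeletion", "arn:aws:iam::111122223333:role/ops-debug-role"),
    *[_rec("Decrypt", "arn:aws:iam::111122223333:role/contractor-role", err="AccessDenied",
           t=f"2024-05-01T10:0{i}:00Z") for i in range(3)],
    _rec("Decrypt", "arn:aws:iam::111122223333:role/ops-debug-role",
         key="arn:aws:kms:us-east-1:111122223333:key/other-key"),   # different key, ignored
])
SAMPLE_EVENTS = [json.loads(line) for line in SAMPLE_LOG.splitlines() if line.strip()]

if __name__ == "__main__":
    for sev, msg in review_kms_events(SAMPLE_EVENTS, USE_ALLOWED, ADMIN_ALLOWED, KEY_ARN):
        print(f"[{sev}] {msg}")
```

The allowlists are keyed on the role ARN from sessionIssuer rather than the per-session assumed-role ARN, so a single entry covers every session of a role; in production the same check would run over records exported from CloudTrail or an S3 delivery bucket rather than the constructed sample.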

8. Policy Maintenance and Review

  • Annual Review: This Key Management Policy undergoes at least an annual review to address emerging threats, incorporate changes in best practices, and ensure ongoing compliance with relevant regulations (e.g., GDPR, SOC 2).
  • Change Management: Proposed policy modifications follow a formal review and approval workflow, with executive security stakeholders providing final sign-off.

Conclusion
MailSlurp’s cryptographic key management policy combines AWS KMS security controls, strong access governance, and thorough logging to ensure that all keys—used to encrypt sensitive data—are robustly protected and well-audited throughout their lifecycle. This framework supports the confidentiality, integrity, and availability of MailSlurp systems and client data.