On what basis to create Data Keys
For PII, we have to encrypt some columns in our DB (All of our infra resides on our own DC, not using any cloud provider).
Now roughly what we are doing is
Created a CMK at AWS.
Generate Data Key using CMK
Store the encrypted key in DB
Fo…