When comparing CloudFlare Red October vs Amazon Key Management Service, the Slant community recommends CloudFlare Red October for most people. In the question “What are the best shared secret managers?” CloudFlare Red October is ranked 4th while Amazon Key Management Service is ranked 10th. The most important reason people chose CloudFlare Red October is:
Red October is fully open source, from the encryption library to the UI modules. Everyone can inspect the code hosted on GitHub or fork it and implement it to suit their needs if they have to.
Pros
Pro Fully open source
Red October is fully open source, from the encryption library to the UI modules. Everyone can inspect the code hosted on GitHub or fork it and implement it to suit their needs if they have to.
Pro Uses the "two-man rule" for extra security
Red October was built to add an extra layer of security inside organizations. The "two-man rule" that Red October employs means that data can only be decrypted if two or more users provide the necessary keys.
Pro Extremely secure
Amazon has used a lot of techniques to harden the process of storing and securing keys in its service. For example, keys are not stored on disk, nor are they allowed to persist in memory.
Amazon employees cannot access a user's secret keys physically, and the keys themselves are stored in the same geographical region as the application they belong to.
Pro Easy to use from a single dashboard
AWS Key Management Service offers a single unified dashboard that teams can use to manage and store the secrets used in applications hosted on AWS services. In the dashboard, users can create keys, retrieve them, and audit key usage through the detailed information it provides.
Cons
Con Uses its own crypto library
Red October uses its own crypto implementation to encrypt secrets. While it's not necessarily a security risk, it would be safer to use a crypto library that has proven its worth and that has been used for a long time in a lot of projects.
Con Does not generate certificates
KMS does not generate certificates; in order to generate them you have to roll out your own solution.