Cloud Experts Documentation

KMS

Creating a ROSA HCP cluster with custom KMS key

This guide walks you through deploying a Red Hat OpenShift Service on AWS (ROSA) with Hosted Control Planes (HCP) using a customer-managed AWS KMS key. The KMS key can be used to encrypt: Worker node root volumes etcd database (control plane encryption) PersistentVolumes (via custom StorageClass) Tip: For official documentation, see Creating ROSA HCP clusters using a custom AWS KMS encryption key . Note: This guide is specifically for ROSA with Hosted Control Planes (HCP).

Interested in contributing to these docs?

Collaboration drives progress. Help improve our documentation The Red Hat Way.

GitHub
Red Hat logo LinkedIn YouTube Facebook Twitter

Products

Tools

Try, buy & sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now © 2026 Red Hat