https://www.terraformpilot.com/tags/post-quantum/Recent content in Post-Quantum on Terraform PilotHugo -- gohugo.ioen-USSun, 12 Apr 2026 10:00:00 +0000https://www.terraformpilot.com/articles/terraform-post-quantum-cryptography/Sun, 12 Apr 2026 10:00:00 +0000https://www.terraformpilot.com/articles/terraform-post-quantum-cryptography/Post-quantum cryptography (PQC) is one of the most practical security shifts underway in 2026. NIST finalized three PQC standards in 2024 (ML-KEM, ML-DSA, SLH-DSA), and AWS is rolling out PQC-capable services. The migration pressure is real — “harvest now, decrypt later” attacks mean data encrypted today could be vulnerable to future quantum computers. This guide shows how to use Terraform to start migrating your AWS infrastructure toward quantum-safe cryptography. The PQC Landscape in 2026 NIST Standard Replaces Purpose AWS Support ML-KEM (Kyber) RSA, ECDH key exchange Key encapsulation KMS, ACM, S2N-TLS ML-DSA (Dilithium) RSA, ECDSA signatures Digital signatures Coming 2026 SLH-DSA (SPHINCS+) RSA, ECDSA (stateless) Hash-based signatures Limited Step 1: TLS Policy with Hybrid PQC AWS ALBs and CloudFront support hybrid PQC TLS policies that combine classical and post-quantum key exchange: