The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.


Akeyless Distributed Fragments Cryptography

Fragments of a single Encryption Key that are stored in
different cloud providers and are NEVER combined

Your Key NEVER exists as a whole.

Meet our patent-pending technology, named DFC - Distributed Fragments Cryptography.
DFC enables us to perform cryptographic operations using fragments of an encryption key, without EVER combining the key fragments. As it is illustrated above, our technology allows us to store fragments of an encryption key in different regions on different cloud providers and never combine those fragments.

Q: So you're basically using key-split? Shamir's secret sharing?

  • Answer: NO. We're definitely not. The known weakness of any split method is that whenever you wish to encrypt/decrypt any data, you MUST combine the fragments of the key. When you do so, a malicious attacker could potentially gain access to your constructed key and then - your key is compromised. It's game over. This is why, using Akeyless DFC, the key is never constructed, not even during the encryption/decryption process, meaning, the key never exist as a whole.

Key Fragments are constantly refreshed.

An encryption key is basically a very high numeric value. Let's say that fragments of that value would have the sub-value of X, Y, and Z, where X+Y+Z equals the key. Now, assume that every period of time, the values of X, Y, and Z are changing to A, B and C, where A+B+C = X+Y+Z = the Key. This would mean that a malicious attacker who wishes to gain access to our key would need to access all of the key's fragments at the same time, in a simultaneous attack vector.

Updated 11 days ago

Akeyless Distributed Fragments Cryptography

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.