Encryption & Key Management Overview

The Akeyless Vault Platform combines the capabilities of a Hardware Security Module (HSM) and a Key Management Service (KMS) to provide enhanced encryption key lifecycle management. You can generate, protect, rotate, and delete keys, as well as use them with Encryption-as-a-Service and Digital Signing functions.

When you create a key in Akeyless, you can choose to encrypt it using Akeyless Distributed Fragments Cryptography™, our unique FIPS-certified encryption key management technology. With Akeyless DFC™, your encryption key is created as fragments across different regions and on different cloud providers. The key never exists as a whole, not even when it is used. For more information, see Encryption Keys.

If you want to share an encryption key with a cloud KMS provider, create it as a classic key. Once you share a classic key with a cloud KMS, you can use it as you would any key generated by the cloud provider (for example, to encrypt a database), while simultaneously enjoying the security and centralized management provided by Akeyless. For more information, see Classic Keys.