Encryption & Key Management Overview

The Akeyless Platform combines the capabilities of a Hardware Security Module (HSM) and a Key Management Service (KMS) with a built-in KMIP Server to provide enhanced encryption key lifecycle management. You can generate, protect, rotate, and delete keys, as well as use them with Encryption-as-a-Service and Digital Signing functions.

There are two general types of keys available for creation and use:

  • Classic keys: If you want to Bring Your Own Key to a cloud KMS provider, create the key as a Classic Key. Once you share Classic Keys with a cloud KMS, you can manage all your keys from the Akeyless Platform and use them inside your cloud services through your cloud KMS, while keeping the security and centralized management provided by Akeyless. For more information, see Classic Keys.

  • DFC™ keys: By default, a key in Akeyless is encrypted using Akeyless Distributed Fragments Cryptography™, our unique FIPS-certified encryption key management technology. With Akeyless DFC™, your encryption key is created as fragments across different regions and on different cloud providers. The key never exists as a whole, not even when it is used. For more information, see Encryption Keys.

Each type has its own sub-types and uses, which are described on their own pages.

Tutorial

Check out our tutorial video on Creating and Rotating Encryption Keys.