Encryption & Key Management Overview

The Akeyless Platform combines the capabilities of a Hardware Security Module (HSM) and a Key Management Service (KMS) with a built-in KMIP Server to provide enhanced encryption key lifecycle management. You can generate, protect, rotate, and delete keys, as well as use them with Encryption-as-a-Service and Digital Signing functions.

There are two general types of keys available for creation and use:

  • Classic keys: If you want to Bring Your Own Key to a Cloud KMS provider, you can create it as a Classic Key. Once you share Classic Keys with a Cloud KMS, you can manage all your keys directly from the Akeyless Platform while using them in your cloud services through your Cloud KMS. For more information, see Classic Keys.

  • DFC™ keys: By default, a key in Akeyless is encrypted using Akeyless Distributed Fragments Cryptography™, our unique FIPS-certified encryption key management technology. With Akeyless DFC™, your encryption key is created as fragments across different regions and on different cloud providers. The key never exists as a whole, not even when it is used. For more information, see Encryption Keys.

Each type has its own sub-types and unique uses, which are described on their own pages.

Tutorial

Check out our tutorial video on Creating and Rotating Encryption Keys.
