Encryption & Key Management Overview

The Akeyless Vault Platform combines the capabilities of a Hardware Security Module (HSM) and a Key Management Service (KMS) with a built-in KMIP Server to provide enhanced encryption key lifecycle management. You can generate, protect, rotate, and delete keys, as well as use them with Encryption-as-a-Service and Digital Signing functions.

When you create a key in Akeyless, by default, your Key will be encrypted using Akeyless Distributed Fragments Cryptography™, our unique FIPS-certified encryption key management technology. With Akeyless DFC™, your encryption key is created as fragments across different regions and on different cloud providers. The key never exists as a whole, not even when it is used. For more information, see Encryption Keys.

If you want to share an encryption key with a cloud KMS provider, you can create it as a Classic Key. Once you share Classic Keys with a cloud KMS, you can easily manage all your Keys directly from the Akeyless Platform while using them inside your cloud services directly from your Cloud KMS while simultaneously enjoying the security and centralized management provided by Akeyless. For more information, see Classic Keys.


Did this page help you?