Encryption Keys

The Akeyless Vault Platform combines the capabilities of an HSM and a KMS to provide enhanced key life-cycle management, including cryptographic key generation, protection, versioning/rotation, and the use of keys with Encryption-as-a-Service and Digital Signing functions.

Akeyless Vault supports a wide range of encryption keys, including:

  • AES128GCM
  • AES256GCM
  • AES128SIV
  • AES256SIV
  • RSA1024
  • RSA2048

The typical flow for working with Encryption Keys is:

  • Create an Encryption Key: Get started by creating a new Encryption Key.
$ akeyless create-key -n MyAES128GCMKey -a AES128GCM 
=====================
Encryption Key Fragment #0 created successfully in 428ns milliseconds
Encryption Key Fragment #1 created successfully in 429ns milliseconds
=====================
A new AES128GCM key named MyAES128GCMKey was successfully created
$ akeyless create-key -n MyAES256GCMKey -a AES256GCM 
=====================
Encryption Key Fragment #0 created successfully in 428ns milliseconds
Encryption Key Fragment #1 created successfully in 429ns milliseconds
=====================
A new AES256GCM key named MyAES256GCMKey was successfully created
$ akeyless create-key -n MyAES128SIVKey -a AES128SIV 

=====================
Encryption Key Fragment #0 created successfully in 383ns milliseconds
Encryption Key Fragment #1 created successfully in 384ns milliseconds
=====================
A new AES128SIV key named MyAES128SIVKey was successfully created
$ akeyless create-key -n MyAES256SIVKey -a AES256SIV 

=====================
Encryption Key Fragment #0 created successfully in 383ns milliseconds
Encryption Key Fragment #1 created successfully in 384ns milliseconds
=====================
A new AES256SIV key named MyAES256SIVKey was successfully created
$ akeyless create-key -n MyRSAKey -a RSA1024

=====================
Encryption Key Fragment #0 created successfully in 1.273µs milliseconds
Encryption Key Fragment #1 created successfully in 1.274µs milliseconds
=====================
A new RSA1024 key named MyRSAKey was successfully created
$ akeyless create-key -n MyRSAKey -a RSA2048

=====================
Encryption Key Fragment #0 created successfully in 1.273µs milliseconds
Encryption Key Fragment #1 created successfully in 1.274µs milliseconds
=====================
A new RSA2048 key named MyRSAKey was successfully created

Tip: To list all available options for key creation, run this command: akeyless create-key -h

  • Rotate an Encryption Key: When required, rotate an AES Encryption Key to generate another version of the key.
$ akeyless rotate-key -n MyAES256SIVKey
Key MyAES256SIVKey has been rotated successfully, new version: 2
  • Delete an Encryption Key: Delete an obsolete Encryption Key or an obsolete version of an Encryption Key.
$ akeyless delete-item -n MyAES256SIVKey            
Item MyAES256SIVKey set to be deleted on 2021-03-15 09:49:59.165173437 +0000 UTC
$ akeyless delete-item -n MyAES256SIVKey --version=1
Item MyAES256SIVKey version 1 set to be deleted on 2021-03-15 09:49:17.539641769 +0000 UTC
  • Get the public key from your RSA encryption key:
$ akeyless get-rsa-public -n MyRSAKey
- RAW: MIGfMA0GCSqGSI....QDANpBrvTLb0RaEsPbqhaV3m/13T5trDmW1J0M....Dca2/qoT99uLoObUySkRzXqcYl...3LnVRTP2TfgHrB+9PBMFbFa49ioQ3ri9THQIDAQAB
- SSH: ssh-rsa AAAAB3NzaC1yc2EAAAA....haV3m/13T5trDmW1J0MPfhbfX0Xf1BF+....ZL8cJoADca2/qoT99uLoObUySkRzXqcYlS....HqtP3LnVRTP2TfgHrB+9PBMFbFa49ioQ3ri9THQ==
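
The RAW value shown above begins with MIGfMA0GCSqGSI, the usual opening of a base64-encoded DER SubjectPublicKeyInfo, so the returned key can be size-checked before it is handed to other systems. The following is an added example, not Akeyless code: it assumes RAW is base64 DER SubjectPublicKeyInfo, and the function names, the 2048-bit floor and the constructed sample keys are this example's own.

```python
import base64

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
MIN_RSA_BITS = 2048  # assumed policy floor (NIST SP 800-131A minimum for RSA); not stated on this page

def _read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def rsa_numbers(spki):
    """Return (modulus, exponent) from a DER SubjectPublicKeyInfo."""
    _, seq, _ = _read_tlv(spki, 0)            # outer SEQUENCE
    _, alg, alg_end = _read_tlv(spki, seq)    # AlgorithmIdentifier
    if RSA_OID not in spki[alg:alg_end]:
        raise ValueError("not an RSA key")
    _, bits, _ = _read_tlv(spki, alg_end)     # BIT STRING wrapping RSAPublicKey
    _, inner, _ = _read_tlv(spki, bits + 1)   # skip the unused-bits octet
    _, n0, n1 = _read_tlv(spki, inner)        # INTEGER modulus
    _, e0, e1 = _read_tlv(spki, n1)           # INTEGER publicExponent
    return int.from_bytes(spki[n0:n1], "big"), int.from_bytes(spki[e0:e1], "big")

def audit_public_key(cli_output):
    """Parse the '- RAW:' line of get-rsa-public output and size-check the key."""
    raw = next(line[7:] for line in cli_output.splitlines() if line.startswith("- RAW: "))
    n, e = rsa_numbers(base64.b64decode(raw))
    return {"bits": n.bit_length(), "exponent": e, "meets_floor": n.bit_length() >= MIN_RSA_BITS}

def _tlv(tag, body):
    """Minimal DER encoder, used only to build the constructed sample below."""
    size = len(body)
    count = (size.bit_length() + 7) // 8
    head = bytes([size]) if size < 0x80 else bytes([0x80 | count]) + size.to_bytes(count, "big")
    return bytes([tag]) + head + body

def sample_output(bits):
    """Constructed CLI output; the modulus is an arbitrary odd number, not a real key."""
    ints = b"".join(_tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big")) for x in ((1 << (bits - 1)) | 1, 65537))
    spki = _tlv(0x30, _tlv(0x30, RSA_OID + b"\x05\x00") + _tlv(0x03, b"\x00" + _tlv(0x30, ints)))
    return "- RAW: " + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, audit_public_key(sample_output(bits)))
```

Run against real output, pass the text printed by akeyless get-rsa-public to audit_public_key; a result with meets_floor set to False identifies a key such as RSA1024 that falls below the assumed floor.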
