Cloud key management
This section explores how cloud key management works and the tools available on .
Cloud key management enables you to create and manage cryptographic keys and perform cryptographic operations from a single centralized cloud service. Each service is designed to help you complete different tasks or better integrate with specific applications.
The supports BYOK functionality for cloud-provider use cases. You can generate keys locally by using the HSM entropy source and then push them to a cloud provider. designates these cloud keys as HSM-protected keys.
The BYOK functionality enables you to manage your cloud keys in the same place as your local working keys. The generates and manages your cloud keys, but the keys exist for cryptographic operations on the cloud-provider side and not on .
The Google EKM service is an exception to this rule. Integrating your through Google EKM enables the to host and manage your cloud keys. Review our Google Cloud EKM page for more information.
We designed to help you handle all of the complexities of cloud key management, including creating, importing, and managing cryptographic keys from a single centralized cloud service.
When you use the , your keys are already stored on servers, and you can integrate other third-party cloud management services as needed.
We support a range of integrated third-party tools to enable you to run your workflow effectively. We regularly add more services and update our existing third-party features.
To learn more about managing cloud keys through these services, explore the Integrated services section of this guide for a full list of every third-party tool available on .
The following guides help you leverage the full capabilities of your cloud key management infrastructure, providing step-by-step instructions and best practices for seamless integration with cloud key management services: