Cryptographic key management with HSM-backed key material, ANSSI-cleared envelope-encryption workflow, and integration with block storage, object storage, and managed databases for at-rest encryption
Jurisdictional exposure
Sub-services (2)
Customer-Managed Keys
HSM-backed keys under customer control
Dedicated HSM
Single-tenant HSM appliances for the strictest sovereignty tiers
Compliance & Certifications
This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.
Where this runs
Sovereign regions (2)
- Cloud Temple Paris · ParisSecNumCloud
- Cloud Temple Marseille · MarseilleSecNumCloud
Tags
Equivalent services on other platforms
Create and manage cryptographic keys for encryption at rest and in transit with AWS-managed, customer-managed, and imported keys, automatic rotation, and FIPS 140-2 validated HSMs
Fully managed service to store, rotate, and audit secrets such as database credentials, API keys, and OAuth tokens with native rotation Lambda integrations for RDS, Redshift, and DocumentDB
Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement
Cloud-hosted key management for encryption at rest with symmetric and asymmetric keys, customer-supplied keys, HSM-backed keys, and automatic rotation
Fully managed secret storage with automatic replication across regions, VPC Service Controls integration, CMEK encryption, version history, per-secret IAM, and rotation via Cloud Scheduler plus Cloud Run hooks — used by GKE, Cloud Run, and Compute Engine workloads
Unified cryptographic services including Key Management Service for envelope encryption, Cloud Secret Management Service for secret storage and rotation, Key Pair Service for SSH key management, and Dedicated HSM for FIPS 140-2 Level 3 workloads
Key management service for symmetric and asymmetric keys, certificates, and other secret material — pluggable backends include software KMS, HSM via PKCS#11, Vault, and KMIP-compliant appliances. Equivalent to AWS KMS / Azure Key Vault / Cloud KMS in the cross-provider mapping
Centralised key and secret management service with HSM-backed symmetric and asymmetric keys, automatic rotation, and envelope encryption for OCI resources
Managed encryption-key service with HSM-backed customer master keys, automatic key rotation, envelope-encryption helpers, and audit logs of every key operation — used by OBS, EVS, and RDS for at-rest encryption
Encrypted storage for application secrets (API keys, database credentials, certificates) with versioning, rotation, and access-control via IAM policies
Managed encryption-key service for envelope encryption, with customer-managed keys (CMKs), HSM-backed key generation, and integration with Object Storage and Block Storage for at-rest encryption
Managed encryption-key service with customer-managed keys, HSM-backed key generation, and integration with STACKIT Object / Block / File Storage for at-rest encryption
Encrypted storage for application secrets (API keys, database credentials, certificates) with versioning, rotation, and access-control via STACKIT IAM
Managed cryptographic key service with customer master keys (CMKs), envelope encryption for Tencent services, automatic and manual rotation, imported key material (BYOK), Managed HSM for single-tenant FIPS 140-2 Level 3 compliance, and audit logging via CloudAudit