Key Management Service

T CloudSecurity

Managed encryption-key service with HSM-backed customer master keys, automatic key rotation, envelope-encryption helpers, and audit logs of every key operation — used by OBS, EVS, and RDS for at-rest encryption

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore T Cloud in TreemapExplore security in HoneycombSee T Cloud regions on the World MapSee security as a networkScore jurisdiction exposure
DocumentationPricingT Cloud website

Jurisdictional exposure

Provider HQ
EUBonn, Germany

Subject to GDPR, Data Act, DGA

Region locations
EEAEU3 regions across 2 jurisdictions
Sovereign option
Yes — 3 sovereign-flagged regions available
Full scorecard for this service →EU lens detail →Sovereign cloud coverage map →

Sub-services (2)

Customer Master Keys

HSM-backed symmetric and asymmetric keys

Automatic Rotation

Schedule-driven key rotation with previous-key retention

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001PCI DSSC5TISAX

Where this runs

3 regions
3 countries
3sovereign
Sovereign regions (3)
  • EU-DE - Biere / Magdeburg · BiereT Cloud Public Sovereign
  • EU-NL - Amsterdam · AmsterdamT Cloud Public Sovereign
  • EU-CH2 - Switzerland · ZurichT Cloud Public Sovereign (Swiss SKU)

Tags

kmsencryptionhsmkey-managementsovereign-eu

Equivalent services on other platforms

AWS KMSAWS

Create and manage cryptographic keys for encryption at rest and in transit with AWS-managed, customer-managed, and imported keys, automatic rotation, and FIPS 140-2 validated HSMs

Azure Key VaultAzure

Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement

Cloud KMSGCP

Cloud-hosted key management for encryption at rest with symmetric and asymmetric keys, customer-supplied keys, HSM-backed keys, and automatic rotation

Huawei Data Encryption Workshop (DEW)Huawei

Unified cryptographic services including Key Management Service for envelope encryption, Cloud Secret Management Service for secret storage and rotation, Key Pair Service for SSH key management, and Dedicated HSM for FIPS 140-2 Level 3 workloads

OCI VaultOracle

Centralised key and secret management service with HSM-backed symmetric and asymmetric keys, automatic rotation, and envelope encryption for OCI resources

Tencent Key Management ServiceTencent

Managed cryptographic key service with customer master keys (CMKs), envelope encryption for Tencent services, automatic and manual rotation, imported key material (BYOK), Managed HSM for single-tenant FIPS 140-2 Level 3 compliance, and audit logging via CloudAudit

Pricing

Pricing model:per-key-per-month