STACKIT Key Management Service

Name: STACKIT Key Management Service
Brand: STACKIT

Managed encryption-key service with customer-managed keys, HSM-backed key generation, and integration with STACKIT Object / Block / File Storage for at-rest encryption

FluffyStack tools

Add to Service Builder Add to Compare Compare with equivalents Explore STACKIT in Treemap Explore security in Honeycomb See STACKIT regions on the World Map See security as a network Score jurisdiction exposure

Documentation Pricing STACKIT website

Jurisdictional exposure

Provider HQ

EUHeilbronn, Germany

Subject to GDPR, Data Act, DGA

Region locations

EU2 regions

Sovereign option

Yes — 2 sovereign-flagged regions available

Full scorecard for this service →EU lens detail →Sovereign cloud coverage map →

Sub-services (2)

Customer-Managed Keys

Encryption keys with customer-controlled rotation

Envelope Encryption

Two-tier encryption with data keys wrapped by master keys

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPR ISO 27001 C5

Where this runs

2 regions

1 country

2sovereign

Sovereign regions (2)

Europe 1 (Frankenthal) · FrankenthalSTACKIT EU Sovereign Cloud (DE)
Europe 2 (Heilbronn) · HeilbronnSTACKIT EU Sovereign Cloud (DE)

Equivalent services on other platforms

AWS KMSAWS

Create and manage cryptographic keys for encryption at rest and in transit with AWS-managed, customer-managed, and imported keys, automatic rotation, and FIPS 140-2 validated HSMs

Azure Key VaultAzure

Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement

Cloud KMSGCP

Cloud-hosted key management for encryption at rest with symmetric and asymmetric keys, customer-supplied keys, HSM-backed keys, and automatic rotation

OCI VaultOracle

Centralised key and secret management service with HSM-backed symmetric and asymmetric keys, automatic rotation, and envelope encryption for OCI resources

Scaleway Key ManagerScaleway

Managed encryption-key service for envelope encryption, with customer-managed keys (CMKs), HSM-backed key generation, and integration with Object Storage and Block Storage for at-rest encryption

Pricing

Pricing model:per-key-month-plus-operations