Key management
===Non-KMIP-compliant key management===

====Open source====
* Barbican, the OpenStack security API.<ref>{{Cite web|url=https://wiki.openstack.org/wiki/Barbican|title = Barbican - OpenStack}}</ref>
* KeyBox - web-based SSH access and key management.<ref>[http://sshkeybox.com/ SSHKeyBox - Services and Products]</ref>
* EPKS - Echo Public Key Share, a system to share encryption keys online in a p2p community.<ref>{{Cite web |url=https://en.wikibooks.org/wiki/Big_Seven_Study |title=Big Seven Crypto Study - Wikibooks, open books for an open world |access-date=2016-07-16 |archive-date=2016-08-09 |archive-url=https://web.archive.org/web/20160809235221/https://en.wikibooks.org/wiki/Big_Seven_Study |url-status=dead }}</ref>
* Kmc-Subset137<ref>{{cite web |title= KMC-Subject137 Library Project |url=http://www.kmc-subset137.eu/ |website=KMC-Subset137 Project |access-date=14 July 2024}}</ref> - key management system implementing UNISIG Subset-137<ref>{{Cite web | url=http://www.era.europa.eu/Document-Register/Documents/SUBSET-137%20v100.pdf | title=On-line Key Management FFFIS | archive-url=https://web.archive.org/web/20180727110424/http://www.era.europa.eu/Document-Register/Documents/SUBSET-137%20v100.pdf | archive-date=2018-07-27}}</ref> for [[ERTMS]]/[[ETCS]] railway application.
* [[privacyIDEA]] - two-factor management with support for managing SSH keys.<ref>[http://privacyidea.org Authentication System privacyIDEA]</ref>
* StrongKey - open source, last updated on SourceForge in 2016.<ref>{{Cite web|url=http://sourceforge.net/projects/strongkey/|title=StrongKey|date=6 April 2016 }}</ref> According to its home page, the project is no longer maintained.
* Vault - secret server from [[HashiCorp]].<ref>[http://vaultproject.io/ Manage secrets and protect sensitive data with Vault]</ref>
* [https://nucypher.com/ NuCypher]
* [https://secrethub.io/ SecretHub] - end-to-end encrypted SaaS key management
* [https://infisical.com/ Infisical] - end-to-end open-source secret management platform.

====Closed source====
* Amazon Web Services (AWS) Key Management Service (KMS)<ref>{{cite web | url=https://aws.amazon.com/kms/ | title=Key Management Service (AWS KMS) - Amazon Web Services (AWS) }}</ref>
* Bell ID Key Manager<ref>{{cite web |url=http://www.bellid.com/products/key-manager |title=Key Management System |publisher=Bell ID |access-date=2014-01-17 |url-status=dead |archive-url=https://archive.today/20140117141733/http://www.bellid.com/products/key-manager |archive-date=2014-01-17 }}</ref>
* Bloombase KeyCastle<ref name="bloombase.com">{{Cite web|url=https://www.bloombase.com/products/keycastle|title = Bloombase KeyCastle - Enterprise Key Life-Cycle Management - Bloombase - Intelligent Storage Firewall}}</ref>
* [[Cryptomathic|Cryptomathic CKMS]]<ref name="Cryptomathic Key">{{cite web|last1=Landrock|first1=Peter|title=Cryptomathic Key Management System|url=http://www.cryptomathic.com/products/key-management/crypto-key-management-system|website=cryptomathic.com/|publisher=Cryptomathic|access-date=April 20, 2015}}</ref>
* [https://doppler.com Doppler SecretOps Platform]<ref>{{Cite web |title=Doppler {{!}} SecretOps Platform |url=https://www.doppler.com/ |access-date=2022-08-26 |website=www.doppler.com |language=en}}</ref>
* [https://netlibsecurity.com/enterprise-manager/ Encryptionizer Key Manager (Windows only)]
* [https://cloud.google.com/security-key-management Google Cloud Key Management]
* IBM Cloud Key Protect<ref>{{cite web | url=https://cloud.ibm.com/docs/services/key-protect?topic=key-protect-about | title=IBM Cloud Docs }}</ref>
* Microsoft Azure Key Vault<ref>{{cite web | url=https://azure.microsoft.com/en-us/documentation/articles/key-vault-whatis/ | title=What is Azure Key Vault? | date=18 December 2022 }}</ref>
* Porticor Virtual Private Data<ref>{{cite web |url=http://www.porticor.com/porticor-virtual-private-data/ |title=About Virtual Private Data |publisher=Porticor.com |access-date=2013-08-06 |url-status=dead |archive-url=https://web.archive.org/web/20130731062455/http://www.porticor.com/porticor-virtual-private-data |archive-date=2013-07-31 }}</ref>
* [[SSH Communications Security]] Universal SSH Key Manager<ref>{{cite web | url=http://www.ssh.com/products/universal-ssh-key-manager | title=UKM Zero Trust SSH Encryption Key Management }}</ref>
* [https://cpl.thalesgroup.com/encryption/ciphertrust-manager CipherTrust Manager]
* [https://www.akeyless.io/ Akeyless Vault]<ref>{{cite web | url=https://docs.akeyless.io/docs/encryption-key-management-overview | title=Encryption & Key Management Overview }}</ref>

====KMS security policy====
The security policy of a key management system provides the rules that are to be used to protect the keys and metadata that the key management system supports.
As defined by the National Institute of Standards and Technology ([[NIST]]), the policy shall establish and specify rules for this information that will protect its:<ref name="Reinholm-KeyManagementCompliance" />
* Confidentiality
* Integrity
* Availability
* Authentication of source<ref name="NIST-KeyManagementSystems">{{cite web|last1=Barker|first1=Elaine|last2=Smid|first2=Miles|last3=Branstad|first3=Dennis|last4=Chokhani|first4=Santosh|title=NIST Special Publication 800 -130: A Framework for Designing Cryptographic Key Management Systems|url=http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-130.pdf|publisher=National Institute of Standards and Technology|access-date=30 May 2016}}</ref>

This protection covers the complete key life-cycle from the time the key becomes operational to its elimination.<ref name="Turner-What-is-key-management" />

====Bring your own encryption / key====
{{main|Bring your own encryption}}
''Bring your own encryption'' (BYOE), also called ''bring your own key'' (BYOK), refers to a cloud-computing security model that allows public-cloud customers to use their own encryption software and manage their own encryption keys. This security model is usually considered a marketing stunt, as critical keys are being handed over to third parties (cloud providers) and key owners are still left with the operational burden of generating, rotating and sharing their keys.