Key Management secrets engine
The Key Management secrets engine provides a consistent workflow for distribution and lifecycle management of cryptographic keys.
Use case
Key management
Standardize distribution workflow and lifecycle management across KMS providers.
Challenge
Managing encryption keys at scale is difficult and time consuming
Many cloud providers offer a key management service (KMS), where encryption keys can be issued and stored for maintaining a root of trust. However, this often leads to manual lifecycle management work when you are looking to bring your own keys.
Solution
The Key Management secrets engine provides an API abstraction layer and offers a standardized workflow for distribution and lifecycle management of cryptographic keys in various KMS providers. It allows organizations to greatly simplify the lifecycle management of keys Vault has distributed and maintains centralized control of those keys in Vault, while still taking advantage of cryptographic capabilities native to the KMS providers such as AWS KMS, Microsoft Azure Key Vault, and Google Cloud KMS.
Resources
Docs
Explore all
Tutorials
Explore all
Key Management secrets engine with Azure Key Vault
The Vault Key Management secrets engine provides distribution and lifecycle management features for Azure Key Vault.
Key Management secrets engine with GCP Cloud KMS
The Vault Key Management secrets engine provides distribution and lifecycle management features for GCP Cloud Key Management Service.
KMIP Secrets Engine
The KMIP secrets engine enables Vault to act as a KMIP server for clients that retrieve cryptographic keys for encrypting data.
Bring your own key with Vault
Use Vault to generate a key for native cloud key management services. In this session, we'll show how to generate a new key with Vault and bring that into an existing KMS.