Skip to content
Menu

IBM Cloud

  • Catalog
  • Docs

  • Catalog
  • Docs
Confirm
×
Do you want to log out?
CancelLog out
×
Back
NextClose
Error
×
Close

Two-factor authentication

Account Login

Please answer the security question that you selected.

Your account has two-factor authentication enabled for one or more accounts. This two-factor authentication applies only to the resources in your Infrastructure account.

Phone Authentication

Please wait for phone authentication...

  • Log in
  • Sign up

View all

Key Protect

IBM

Key Protect is a cloud-based security service that provides life cycle management for encryption keys that are used in IBM Cloud services or customer-built applications. Key Protect provides roots of trust (RoT), backed by a hardware security module (HSM).

View DocsView API DocsTerms
AuthorIBM
Published02/04/2019
TypeService
Features
Customer-managed Encryption
You can enable the security benefits of Bring Your Own Key (BYOK) by importing your own root of trust encryption keys, called Customer Root Keys (CRKs), into the service. With the Key Protect API, you can use a CRK to wrap (encrypt) and unwrap (decrypt) the keys that are associated with your data resources, so you control the security of your encrypted data in the cloud.
Flexible
You can generate, store, and manage your keys with a secure, application-friendly, cloud-based key management solution for encryption keys.
Secure
Keys are wrapped by keys that are, in turn, protected by a cloud-based HSM. The HSMs are at FIPS-140-2 Level 2. When keys are deleted, they can never be recovered, and any data that is encrypted under those keys can't be recovered. All programmatic interfaces are secured by TLS and mutual authentication.
Scalable
Whether you are a developer who requires only a few keys or a large enterprise that needs millions, Key Protect can scale to your needs.
Application Independence
When you write applications, Key Protect's standard programmatic APIs generate, store, retrieve, and manage your keys, independent of your application's logic. For example, you can create applications that encrypt data in custom databases, or use encrypted block storage in an application-specific format.
Images
Images can be screen captures, slides, or videos. Click an image to view the details.
Manage the lifecycle of your encryption keys
Generate new keys backed by cloud-based HSMs
Bring your own Customer Root Keys
Delete a key and its associated data

Need Help?

Contact IBM Cloud Support

Need Help?

Contact IBM Cloud Support

Already have an account?

Log in