Keys and certificates are used routinely and widely in IT environments to secure the transmission and encryption of data. In order to manage the multitude of keys and certificates efficiently, a central key management system (KMS) is essential.
Any company that runs business-critical applications and works with sensitive data relies on a large number of keys and certificates. It is critical to security that these are well secured and meticulous control is exercised over who has access and who uses them. However, such security management can become quite complex.
Wouldn't it be great to manage cryptographic keys and certificates centrally? Well, that is just the thing! What is needed for this is a powerful key management system to take care of the secrets. A secret can be a username with password, but also a key or a certificate. Obviously, this information should not be stored in any configuration file or as part of the source code.
The task of a KMS is therefore to manage which application and with which role has access to a secret from where and to store these secrets securely. The KMS logs every access and thus allows monitoring of the use of keys. Furthermore, a KMS enables the validity of the cryptographic algorithms used to be monitored centrally.
All this sounds fairly complicated and expensive - but it doesn't have to be! What if KMS were available as a service? That's exactly what we have: With HashiCorp's Vault solution, apectra can now offer KMS as a Service.This gives our customers full control over their secrets and encrypted data without having to set up and run complicated and costly systems themselves. KMS, by the way, is just one element of HashiCorp's Vault. In upcoming articles, we will introduce other services such as Public Key Infrastructure (PKI) or KMIP.
In the following whiteboard video, Armon Dadgar, founder and Co-CTO of HashiCorp, gives a comprehensive introduction to Vault and its functionality: