Skip to content
Navigation Menu

IBM Cloud

  • CatalogCatalog
  • Cost EstimatorCost Estimator
  • DocsDocs
  • Catalog
  • Cost Estimator
  • Docs

  • Navigation settings
Confirm
Do you want to log out?
CancelLog out

Error

Two-factor AuthenticationAuthentication Failed

Please answer the security question you selected for the following account:

Two-factor authentication is enabled for the following account:

Phone authentication is enabled for the following account:

  • Loading...
    Need help? Call us at 1-866-325-0045 and select option 2.

    Please wait for phone authentication...

    Invalid answer provided for security question. Please try again or cancel the action.

    Invalid code provided. Please try again or cancel the action.

    Phone authentication is timed out, Please cancel the action and try again later.

    Too many fail attempts. Please cancel the action and try again later.

    Authentication failed. Please try again or cancel the action.

    • Log in
    • Sign up
    1. Catalog
    2. Services

    Key Protect

    • IBM
    • Date of last update: 04/12/2021
    • Docs
    • API docs

    Pricing plans

    PlanFeaturesPricing

    Summary

    Key Protect

      Already have an account? Log in
      Type
      • Service
      Provider
      • IBM
      Category
      • Security
      Compliance
      • HIPAA Enabled
      • IAM-enabled
      • Service Endpoint Supported
      Related links
      • API docs
      • Docs
      • Terms

      Summary

      Key Protect is a cloud-based security service that provides life cycle management for encryption keys that are used in IBM Cloud services or customer-built applications. Key Protect provides roots of trust (RoT), backed by a hardware security module (HSM).

      Features

      Customer-managed Encryption

      You can enable the security benefits of Bring Your Own Key (BYOK) by importing your own root of trust encryption keys, called Customer Root Keys (CRKs), into the service. With the Key Protect API, you can use a CRK to wrap (encrypt) and unwrap (decrypt) the keys that are associated with your data resources, so you control the security of your encrypted data in the cloud.

      Flexible

      You can generate, store, and manage your keys with a secure, application-friendly, cloud-based key management solution for encryption keys.

      Secure

      Keys are wrapped by keys that are, in turn, protected by a cloud-based HSM. The HSMs are at FIPS-140-2 Level 3. When keys are deleted, they can never be recovered, and any data that is encrypted under those keys can't be recovered. All programmatic interfaces are secured by TLS and mutual authentication.

      Scalable

      Whether you are a developer who requires only a few keys or a large enterprise that needs millions, Key Protect can scale to your needs.

      Application Independence

      When you write applications, Key Protect's standard programmatic APIs generate, store, retrieve, and manage your keys, independent of your application's logic. For example, you can create applications that encrypt data in custom databases, or use encrypted block storage in an application-specific format.