Key Protect is a cloud-based security service that provides life cycle management for encryption keys that are used in IBM Cloud services or customer-built applications. Key Protect provides roots of trust (RoT), backed by a hardware security module (HSM).

Fully control and strengthen your key management practices by securely exporting symmetric keys from your internal key management infrastructure into IBM Cloud.

Provision and store keys using FIPS 140-2 Level 3 certified hardware security modules (HSMs). Leverage Identity and Access Management (IAM) roles to provide fine-grain access control to your keys.

Use the IBM Cloud Monitoring service and Activity Tracker to measure how users and applications interact with Key Protect.

Track subscription and credit spending for all accounts from a single view.

Create or import root and standard keys protect your data.

Apps on or outside IBM Cloud can integrate with the Key Protect APIs. Key Protect integrates easily with a variety of IBM database, storage, container, and ingestion services.

Deleted keys, and their encrypted data, can never be recovered. Manage your user roles, key states, and set a rotation schedule that works for your use case using the UI, CLI, or API.

Generate, store, retrieve and manage keys independent of application logic.

Key Protect with Cross-region Resiliency offers enhanced availability through cross-region replication and automatic failover.