Skip to content
Navigation Menu

IBM Cloud

  • CatalogCatalog
  • Cost EstimatorCost Estimator
    • HelpHelp
      • Docs
  • Log in
  • Sign up
  • Catalog
  • Cost Estimator
  • Help
    • Docs

  • Navigation settings

Error

Change theme

This feature is in early stage, some parts of the platform might not fully support different themes yet.

  1. Catalog

Key Protect

IBM Key Protect for IBM Cloud is a service for managing cryptographic keys, which are used to protect data.

  • Date of last update: 02/02/2023
  • Docs
  • API docs
Type
  • Service
Provider
  • IBM
Last updated
  • 02/02/2023
Category
  • Security
Compliance
  • EU Supported
  • HIPAA Enabled
  • IAM-enabled
  • Service Endpoint Supported
Related links
  • API docs
  • Docs
  • Terms

Pricing plans

PlanFeatures and capabilitiesPricing

Type
  • Service
Provider
  • IBM
Last updated
  • 02/02/2023
Category
  • Security
Compliance
  • EU Supported
  • HIPAA Enabled
  • IAM-enabled
  • Service Endpoint Supported
Related links
  • API docs
  • Docs
  • Terms

Summary

Key Protect is a cloud-based security service that provides life cycle management for encryption keys that are used in IBM Cloud services or customer-built applications. Key Protect provides roots of trust (RoT), backed by a hardware security module (HSM).

Features and capabilities

Customer-managed options

You can enable the security benefits of Bring Your Own Key (BYOK) by importing your own root of trust encryption keys, called Customer Root Keys (CRKs), into the service. With the Key Protect API, you can use a CRK to wrap (encrypt) and unwrap (decrypt) the keys that are associated with your data resources, so you control the security of your encrypted data in the cloud. Customers who want even more control over their encryption keys can deploy an HSM that they own and manage into a Satellite location and use it with Key Protect.

Flexible

You can generate, store, and manage your keys with a secure, application-friendly, cloud-based key management solution for encryption keys.

Secure

Keys are secured by an HSM at FIPS-140-2 Level 3 encryption. Deleted keys can be purged after four hours or will be scheduled to be purged after 90 days. Purged keys cannot be recovered. All programmatic interfaces are secured by TLS and mutual authentication.

Scalable

Whether you are a developer who requires only a few keys or a large enterprise that needs millions, Key Protect can scale to your needs.

Application independence

When you write applications, Key Protect's standard programmatic APIs generate, store, retrieve, and manage your keys, independent of your application's logic. For example, you can create applications that encrypt data in custom databases, or use encrypted block storage in an application-specific format.

Getting support

If you're experiencing issues with this product, go to the IBM Cloud Support Center and navigate to creating a case. Use the All products option to search for this product to continue creating the case or to find more information about getting support. Third party and community supported products might direct you to a support process outside of IBM Cloud.

Summary

Key Protect

    Already have an account? Log in