Skip to content
Navigation Menu

IBM Cloud

  • CatalogCatalog
  • Cost EstimatorCost Estimator
    • HelpHelp
      • Docs
  • Log in
  • Sign up
  • Catalog
  • Cost Estimator
  • Help
    • Docs

  • Navigation settings

Error

Change theme

This feature is in early stage, some parts of the platform might not fully support different themes yet.

Themes
  1. Catalog

Key Protect

Create or manage cryptographic keys in the cloud to protect data at rest.

  • Date of last update: 04/25/2025
  • Docs
  • API docs
  • Service
  • IBM
  • 04/25/2025
  • Security
  • EU Supported
  • Financial Services Validated
  • HIPAA Enabled
  • IAM-enabled
  • Service Endpoint Supported
  • API docs
  • Docs
  • Terms

Pricing plans

PlanFeatures and capabilitiesPricing

  • Service
  • IBM
  • 04/25/2025
  • Security
  • EU Supported
  • Financial Services Validated
  • HIPAA Enabled
  • IAM-enabled
  • Service Endpoint Supported
  • API docs
  • Docs
  • Terms

Summary

Key Protect is a cloud-based security service that provides life cycle management for encryption keys that are used in IBM Cloud services or customer-built applications. Key Protect provides roots of trust (RoT), backed by a hardware security module (HSM).

Features and capabilities

Bring your encryption keys to the cloud

Fully control and strengthen your key management practices by securely exporting symmetric keys from your internal key management infrastructure into IBM Cloud.

Robust security

Provision and store keys using FIPS 140-2 Level 3 certified hardware security modules (HSMs). Leverage Identity and Access Management (IAM) roles to provide fine-grain access control to your keys.

Control and visibility

Use the IBM Cloud Monitoring service and Activity Tracker to measure how users and applications interact with Key Protect.

Simplified billing

Track subscription and credit spending for all accounts from a single view.

Self-managed encryption

Create or import root and standard keys protect your data.

Flexibility

Apps on or outside IBM Cloud can integrate with the Key Protect APIs. Key Protect integrates easily with a variety of IBM database, storage, container, and ingestion services.

Built-in protection

Deleted keys, and their encrypted data, can never be recovered. Manage your user roles, key states, and set a rotation schedule that works for your use case using the UI, CLI, or API.

Application-independent

Generate, store, retrieve and manage keys independent of application logic.

Cross-region replication

Key Protect with Cross-region Resiliency offers enhanced availability through cross-region replication and automatic failover.

Getting support


If you're experiencing issues with this product, go to the IBM Cloud Support Center and navigate to creating a case. Use the All products option to search for this product to continue creating the case or to find more information about getting support. Third party and community supported products might direct you to a support process outside of IBM Cloud.

Summary

Key Protect

    Already have an account? Log in