Regions and locations
You can connect your applications with the IBM Cloud® Hyper Protect Crypto Services by specifying a regional service endpoint.
Available regions
Hyper Protect Crypto Services is available in the following regions and locations:
- Dallas, US:
us-south - Frankfurt, Germany:
eu-de - London, UK:
eu-gb- Based on the IBM Cloud Virtual Private Cloud (VPC) infrastructure - Madrid, Spain:
eu-es- Based on the IBM Cloud Virtual Private Cloud (VPC) infrastructure - São-Paulo, Brazil:
br-sao- Based on the IBM Cloud Virtual Private Cloud (VPC) infrastructure - Sydney, Australia:
au-syd- Deprecated - Tokyo, Japan:
jp-tok- Based on the IBM Cloud Virtual Private Cloud (VPC) infrastructure - Toronto, Canada:
ca-tor- Based on the IBM Cloud Virtual Private Cloud (VPC) infrastructure - Washington DC, US:
us-east
You can create Hyper Protect Crypto Services resources in one of the supported IBM Cloud regions, which represent the geographic area where your Hyper Protect Crypto Services requests are handled and processed. To learn more, see Locations, tenancy, and availability.
Currently, service instances in the eu-es region don't support recovery crypto units. When a service instance is provisioned in other supported regions, you are by default enabled with the option to back up your master keys in the
recovery crypto units located in the disaster recovery region. For more information, see Introducing service instance initialization modes.
Connectivity options
Hyper Protect Crypto Services offers two connectivity options for interacting with the service APIs.
- Public endpoints
- By default, you can connect to resources in your account over the IBM Cloud public network. Your data is encrypted in transit by using the Transport Security Layer (TLS) 1.2 protocol.
- Private endpoints
- For added benefits, you can also enable virtual routing and forwarding (VRF) and service endpoints for your infrastructure account. When you enable VRF for your account, you can connect to Hyper Protect Crypto Services by using a private IP that is accessible only through the IBM Cloud private network.
- To learn how to connect to Hyper Protect Crypto Services by using a private endpoint, see Connecting to Hyper Protect Crypto Services on the IBM Cloud private network.
Service endpoints
If you are managing your Hyper Protect Crypto Services resources programmatically, see the following table to determine the API endpoints to use when you connect to the key management service API, Unified Key Orchestrator, PKCS #11 API, and GREP11 API.
Instance-based endpoints
Hyper Protect Crypto Services is continuously replacing port-based API endpoints with instance-based API endpoints. This Endpoint URL scheme change applies to the full set of APIs and all API Endpoints of Hyper Protect Crypto Services created after the corresponding availability date in the following regions listed.
| Region | Availability date | Public key management service endpoints | Public Unified Key Orchestrator service endpoints | Public GREP11 service endpoints |
|---|---|---|---|---|
| Washington DC | April 12, 2024 | <instance_ID>.api.us-east.hs-crypto.appdomain.cloud |
<instance_ID>.uko.us-east.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.us-east.hs-crypto.appdomain.cloud |
| Dallas | May 8, 2024 | <instance_ID>.api.us-south.hs-crypto.appdomain.cloud |
<instance_ID>.uko.us-south.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.us-south.hs-crypto.appdomain.cloud |
| São-Paulo | May 15, 2024 | <instance_ID>.api.br-sao.hs-crypto.appdomain.cloud |
<instance_ID>.uko.br-sao.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.br-sao.hs-crypto.appdomain.cloud |
| Toronto | May 29, 2024 | <instance_ID>.api.ca-tor.hs-crypto.appdomain.cloud |
<instance_ID>.uko.ca-tor.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.ca-tor.hs-crypto.appdomain.cloud |
| London | June 5, 2024 | <INSTANCE_ID>.api.eu-gb.hs-crypto.appdomain.cloud |
<INSTANCE_ID>.uko.eu-gb.hs-crypto.appdomain.cloud |
<INSTANCE_ID>.ep11.eu-gb.hs-crypto.appdomain.cloud |
| Tokyo | June 19, 2024 | <INSTANCE_ID>.api.jp-tok.hs-crypto.appdomain.cloud |
<INSTANCE_ID>.uko.jp-tok.hs-crypto.appdomain.cloud |
<INSTANCE_ID>.ep11.jp-tok.hs-crypto.appdomain.cloud |
| Madrid | July 2, 2024 | <INSTANCE_ID>.api.eu-es.hs-crypto.appdomain.cloud |
<INSTANCE_ID>.uko.eu-es.hs-crypto.appdomain.cloud |
<INSTANCE_ID>.ep11.eu-es.hs-crypto.appdomain.cloud |
| Frankfurt | July 15, 2024 | <INSTANCE_ID>.api.eu-de.hs-crypto.appdomain.cloud |
<INSTANCE_ID>.uko.eu-de.hs-crypto.appdomain.cloud |
<INSTANCE_ID>.ep11.eu-de.hs-crypto.appdomain.cloud |
| Region | Availability date | Private key management service endpoints | Private GREP11 service endpoints |
|---|---|---|---|
| Washington DC | April 12, 2024 | <instance_ID>.api.private.us-east.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.private.us-east.hs-crypto.appdomain.cloud |
| Dallas | May 8, 2024 | <instance_ID>.api.private.us-south.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.private.us-south.hs-crypto.appdomain.cloud |
| São-Paulo | May 15, 2024 | <instance_ID>.api.private.br-sao.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.private.br-sao.hs-crypto.appdomain.cloud |
| Toronto | May 29, 2024 | <instance_ID>.api.private.ca-tor.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.private.ca-tor.hs-crypto.appdomain.cloud |
| London | June 5, 2024 | <instance_ID>.api.private.eu-gb.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.private.eu-gb.hs-crypto.appdomain.cloud |
| Tokyo | June 19, 2024 | <instance_ID>.api.private.jp-tok.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.private.jp-tok.hs-crypto.appdomain.cloud |
| Madrid | July 2, 2024 | <instance_ID>.api.private.eu-es.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.private.eu-es.hs-crypto.appdomain.cloud |
| Frankfurt | July 15, 2024 | <instance_ID>.api.private.eu-de.hs-crypto.appdomain.cloud |
<instance_ID>.ep11.private.eu-de.hs-crypto.appdomain.cloud |
Port-based endpoints
| Region | Public key management service endpoints | Public Unified Key Orchestrator service endpoints | Public GREP11 service endpoints |
|---|---|---|---|
| Dallas | api.us-south.hs-crypto.cloud.ibm.com |
uko.us-south.hs-crypto.cloud.ibm.com |
ep11.us-south.hs-crypto.cloud.ibm.com |
| Frankfurt | api.eu-de.hs-crypto.cloud.ibm.com |
uko.eu-de.hs-crypto.cloud.ibm.com |
ep11.eu-de.hs-crypto.cloud.ibm.com |
| London | api.eu-gb.hs-crypto.cloud.ibm.com |
uko.eu-gb.hs-crypto.cloud.ibm.com |
ep11.eu-gb.hs-crypto.cloud.ibm.com |
| Madrid | api.eu-es.hs-crypto.cloud.ibm.com |
uko.eu-es.hs-crypto.cloud.ibm.com |
ep11.eu-es.hs-crypto.cloud.ibm.com |
| São-Paulo | api.br-sao.hs-crypto.cloud.ibm.com |
uko.br-sao.hs-crypto.cloud.ibm.com |
ep11.br-sao.hs-crypto.cloud.ibm.com |
| Sydney - Deprecated | api.au-syd.hs-crypto.cloud.ibm.com |
uko.au-syd.hs-crypto.cloud.ibm.com |
ep11.au-syd.hs-crypto.cloud.ibm.com |
| Tokyo | api.jp-tok.hs-crypto.cloud.ibm.com |
uko.jp-tok.hs-crypto.cloud.ibm.com |
ep11.jp-tok.hs-crypto.cloud.ibm.com |
| Toronto | api.ca-tor.hs-crypto.cloud.ibm.com |
uko.ca-tor.hs-crypto.cloud.ibm.com |
ep11.ca-tor.hs-crypto.cloud.ibm.com |
| Washington DC | api.us-east.hs-crypto.cloud.ibm.com |
uko.us-east.hs-crypto.cloud.ibm.com |
ep11.us-east.hs-crypto.cloud.ibm.com |
| Region | Private key management service endpoints | Private GREP11 service endpoints |
|---|---|---|
| Dallas | api.private.us-south.hs-crypto.cloud.ibm.com |
ep11.private.us-south.hs-crypto.cloud.ibm.com |
| Frankfurt | api.private.eu-de.hs-crypto.cloud.ibm.com |
ep11.private.eu-de.hs-crypto.cloud.ibm.com |
| London | api.private.eu-gb.hs-crypto.cloud.ibm.com |
ep11.private.eu-gb.hs-crypto.cloud.ibm.com |
| Madrid | api.private.eu-es.hs-crypto.cloud.ibm.com |
ep11.private.eu-es.hs-crypto.cloud.ibm.com |
| São-Paulo | api.private.br-sao.hs-crypto.cloud.ibm.com |
ep11.private.br-sao.hs-crypto.cloud.ibm.com |
| Sydney - Deprecated | api.private.au-syd.hs-crypto.cloud.ibm.com |
ep11.private.au-syd.hs-crypto.cloud.ibm.com |
| Tokyo | api.private.jp-tok.hs-crypto.cloud.ibm.com |
ep11.private.jp-tok.hs-crypto.cloud.ibm.com |
| Toronto | api.private.ca-tor.hs-crypto.cloud.ibm.com |
ep11.private.ca-tor.hs-crypto.cloud.ibm.com |
| Washington DC | api.private.us-east.hs-crypto.cloud.ibm.com |
ep11.private.us-east.hs-crypto.cloud.ibm.com |
For more information about authenticating with Hyper Protect Crypto Services, see the following topics: