Encryption Key Management Software

Best Encryption Key Management Software include:

HashiCorp Vault, Venafi, and SecureDoc.

Encryption Key Management Software Overview

What is Encryption Key Management Software?

Encryption Key Management (EKM) software handles the storage, management, and administration of encryption keys. Encryption keys are the mechanisms that other systems and applications use to encrypt or decrypt data. While encryption keys in some form are present and necessary for every form of encryption, standalone encryption key management systems only become necessary when multiple encryption systems must be centrally managed simultaneously. These systems allow IT and security administrators to distribute and manage logical or physical access to encryption keys, and they often let businesses host their own encryption keys to mitigate risk from 3rd party vendors.

Encryption keys are essential to any encryption process a business uses. There are different types of encryption keys to encrypt different types of data, but EKM software should be able to manage any kind of encryption key. Flexible encryption key management is especially crucial when businesses use a mix of on-premise, virtual, and cloud systems that each need to utilize encryption or decryption keys. This leads EKM products to be most commonly used by enterprises that have a range of systems and data storehouses, especially those concerned with securing proprietary data or complying with regulatory requirements.

There are other features that make a complete encryption key management solution. For instance, encryption key management software should also include backup functionality to prevent key loss. These products should also allow administrators to encrypt the encryption keys themselves for additional layers of security.

Pricing Information

There are two main pricing models encryption key management providers offer. Some vendors offer pricing per key, which can start at $1/month/key for some vendors. This model is most popular for all-digital key management. Other vendors that offer hardware to help manage encryption keys will offer different tiers based on the hardware and key volume.

Encryption Key Management Products

(1-25 of 33) Sorted by Most Reviews

HashiCorp Vault
6 ratings
4 reviews
HashiCorp now offers their open source application Vault, an encryption tool of use in the management of secrets including credentials, passwords and other secrets, providing access control, audit trail, and support for multiple authentication methods.
4 ratings
3 reviews
Virtru in Washington DC offers email encryption software and persistent data security, privacy and loss prevention.
1 ratings
2 reviews
Venafi, headquartered in Salt Lake City, protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, code signing, mobile and SSH.
Sectigo Certificate Manager
Sectigo Certificate Manager deploys and automates lifecycle management of PKI certificates across a range of enterprise use cases, including securing web and network resources, email security and encryption, identity, DevOps containers and code, and public cloud resources.
Australian company Cogito Group offers the Jellyfish integrated access control based CASB, credential management / PKI solution, and digital identity solution.
SecureDoc from Canadian company WinMagic is an enterprise encryption key management solution.
Zettaset XCrypt
Zettaset's software-based data encryption solutions are designed to protect petabyte-scale hybrid cloud and hyper-converged infrastructure deployments. Zettaset’s encryption solutions are compatible with Object, SQL, NoSQL, and Hadoop data stores.
IBM Security Guardium Key Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager centralizes, simplifies and automates the encryption key management process to help protect encrypted data and simplify encryption key management. It offers key storage, key serving and key lifecycle management for self-encrypting applications and solution…
Keyfactor Command
Keyfactor (formerly Certified Security Solutions or CSS) headquartered in Cleveland offers Keyfactor Command, a digital certificate management solution, end-to-end managed PKI as-a-service or certificate lifecycle automation solution. It provides automated certificate scanning and discovery, role ba…
Vormetric Data Security Manager (DSM)
Thales eSecurity headquartered in San Jose offers the Vormetric Data Security Manager (DSM), an appliance-based encryption solution available in the V6000 and V6100 editions. The DSM creates, stores and manages the encryption keys that protect data, but also enables organizations to manage every asp…
Microsoft Azure Key Vault
Microsoft's Azure Key Vault allows users to safeguard cryptographic keys and other secrets used by cloud apps and services. Azure Key Vault can be used to encrypt keys and small secrets like passwords that use keys stored in hardware security modules (HSMs).
SecurityFirst DataKeep
SecurityFirst headquartered in California offers DataKeep, a data protection solution that provides access control and inbuilt key management to protect private and sensitive data.
Alibaba Cloud Key Management Service
Alibaba Cloud Key Management Service (KMS) provides key management and cryptography services to help encrypt and protect sensitive data assets. KMS is integrated with a wide range of Alibaba Cloud services to allow users to encrypt data across the cloud and to control its distributed environment. KM…
Townsend Security
Townsend Security headquartered in Olympia is a provider of encryption and key management systems. The vendor states their aim is to help customers achieve industry standard data protection and meet compliance regulations in less time and at an affordable price.
Prime Factors EncryptRIGHT
Prime Factors headquartered in Eugene offers EncryptRIGHT, which includes a comprehensive, centralized encryption key management system for orchestrating all of the cryptographic keys related to data protection, including the ability to generate, exchange, distribute, store, rotate, temporarily susp…
CipherTrust Manager (formerly Next Generation KeySecure)
CipherTrust Manager (formerly known as Next Generation KeySecure) offers enterprise key management solution enabling organizations to centrally manage encryption keys, provide granular access control and configure security policies. CipherTrust Manager is the central management point for the CipherT…
GnuPG is a free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows users to encrypt and sign data and communications; it features a key management system, along with access modules for all kinds of public key directories.
Fortanix Self-Defending Key Management Service
Fortanix Self-Defending KMS is a cloud solution secured with Intel SGX. With Fortanix Self-Defending KMS, users can securely generate, store, and use cryptographic keys and certificates, as well as secrets, such as passwords, API keys, tokens, or any blob of data.
Lockr is presented as a simple-to-use plugin for WordPress or Drupal to manage a site’s API and Encryption keys in a secure offsite hosted environment. Lockr removes the key from site code and database and stores it in a secure and certified key manager. Then when a site needs the key to be used in …
Google Cloud Key Management
Google Cloud Key Management allows users to manage encryption keys on Google Cloud.
CipherTrust Data Security Platform
Thales' CipherTrust Data Security Platform aims to remove complexity from data security, accelerate time to compliance, and secure cloud migrations. The platform is built on a modern micro-services architecture, is designed for the cloud, includes Data Discovery and Classification, and fuses togethe…
ManageEngine Key Manager Plus
ManageEngine Key Manager Plus is a web-based key management solution that helps users consolidate, control, manage, monitor, and audit the entire life cycle of SSH (Secure Shell) keys and SSL (Secure Sockets Layer) certificates. It provides visibility into the SSH and SSL environments and helps admi…
CipherTrust Cloud Key Manager
CipherTrust Cloud Key Manager from Thales combines support for cloud provider BYOK APIs, cloud key management automation, and key usage logging and reporting, to provide cloud consumers with strong controls over encryption key life cycles for data encrypted by cloud services.
AWS Key Management Service
AWS Key Management Service (KMS) is designed to make to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is presented as a secure and resilient service that uses hardware security modules that have been validated under F…
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables users to easily generate and use encryption keys on the AWS Cloud. With CloudHSM, users can manage their own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM offers users the flexibility to integrate with appl…