Encryption Key Management Software

All Products

(1-25 of 51)

1
Yubico YubiKeys

Yubico YubiKeys make the internet safer with phishing-resistant multi-factor authentication (MFA) by providing simple and secure access to computers, mobile devices, servers, and internet accounts. The Yubico YubiKey stops account takeovers at scale by mitigating phishing and ransomware…

2
IBM Hyper Protect Crypto Services

IBM Cloud® Hyper Protect Crypto Services (Hyper Protect Crypto Services for short) is a dedicated key management service and hardware security module (HSM) based on IBM Cloud. This service is used to take the ownership of the cloud HSM to fully manage encryption keys and to per…

3
Infisical
0 reviews

Infisical is an open-source, end-to-end encrypted tool that helps developers manage secrets and environment variables across their teams, devices, and infrastructure.

4
CipherTrust Manager

CipherTrust Manager (formerly known as Next Generation KeySecure) offers enterprise key management solution enabling organizations to centrally manage encryption keys, provide granular access control and configure security policies. CipherTrust Manager is the central management point…

5
HashiCorp Vault

HashiCorp offers Vault, an encryption tool of use in the management of secrets including credentials, passwords and other secrets, providing access control, audit trail, and support for multiple authentication methods. It is available open source, or under an enterprise license.

6
Unbound Key Control

Unbound Key Control (UKC) is a unified key manager and virtual HSM which provides full key lifecycle management across on-premise data centers and multiple cloud environments.

This pure-software solution manages all keys from all on-premises or cloud workloads and from any cloud service provider (CSP), providing teams with control over cryptographic keys - how they're stored and where they're used. Use Unbound Key Contr…

7
CipherTrust Cloud Key Manager

CipherTrust Cloud Key Manager from Thales combines support for cloud provider BYOK APIs, cloud key management automation, and key usage logging and reporting, to provide cloud consumers with strong controls over encryption key life cycles for data encrypted by cloud services.

8
Unbound Crypto-of-Things

Unbound CoT eliminates the single point of compromise by ensuring that sensitive keys that reside on untrusted and insecure devices never exist in the clear at any point in their lifecycle – not even when generated or while in use. With Unbound CoT, key material is never whole. Rather,…

9
Venafi Zero Touch PKI

Venafi Zero Touch PKI is a SaaS-based alternative to creating and running an internal PKI. It can be configured and managed in any way needed, in conjunction with multiple CAs and options for security and traceability.

10
Huawei Cloud Data Encryption Workshop (DEW)

Data Encryption Workshop (DEW) is a full-stack data encryption service, on Huawei Cloud. It covers Key Management Service (KMS), Key Pair Service (KPS), and Dedicated HSM. With DEW, the user can develop customized encryption applications, and integrate it with other HUAWEI CLOUD…

11
TOPKI – Certificate management & distribution platform

Secardeo TOPKI (Trusted Open PKI) is a PKI system platform for automated key distribution of X.509 certificates and private keys to all users and devices where they are required. For this, TOPKI provides components that serve for specific certificate lifecycle management tasks.…

12
Entrust KeyControl

KeyControl is a solution designed to enable users to manage encryption keys, including how often they are rotated and shared. It was developed by Hytrust, which was acquired by Entrust in January, 2021. It is now an Entrust product.

13
BlackVault by Engage Black

Since 1989, Engage has offered products and solutions that help organizations deploy and operate cost-effective and reliable communications, and meet their data security needs. Engage BlackVault is a cryptographic appliance with a built-in FIPS Level 3 Hardware Security Module (HSM)…

14
Unbound Crypto Asset Security Platform

A FIPS 140 L2 certified software solution that eliminates this single point of failure of public key…

15
Virtru

Virtru in Washington DC offers email encryption software and persistent data security, privacy and loss prevention.

16
Venafi Control Plane for Machine Identities

Venafi, headquartered in Salt Lake City, protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, code signing, mobile and SSH.

17
Ubiq Security, Inc.

The Ubiq platform is an API-based developer platform that enables developers to build customer-side data encryption into any application, across multiple programming languages, without requiring prior encryption knowledge or expertise. And as new cryptography and encryption innovations…

18
Google Cloud Key Management

Google Cloud Key Management allows users to manage encryption keys on Google Cloud.

19
AppViewX CERT+

The AppViewX CERT+ product enables the Certificate Lifecycle Automation solution on the vendor's AppViewX Platform. CERT+ aims to help enterprise IT manage and automate the entire lifecycle of their internal and external PKI. CERT+ provides extensive visibility into the multi-vendor certificate…

20
Lockr
0 reviews

Lockr is presented as a simple-to-use plugin for WordPress or Drupal to manage a site’s API and Encryption keys in a secure offsite hosted environment. Lockr removes the key from site code and database and stores it in a secure and certified key manager. Then when a site needs the…

21
Keyfactor Command

Keyfactor (formerly Certified Security Solutions or CSS) headquartered in Cleveland offers Keyfactor Command, a digital certificate management solution, end-to-end managed PKI as-a-service or certificate lifecycle automation solution. It provides automated certificate scanning and…

22
Townsend Security

Townsend Security headquartered in Olympia is a provider of encryption and key management systems. The vendor states their aim is to help customers achieve industry standard data protection and meet compliance regulations in less time and at an affordable price.

23
AWS Key Management Service

AWS Key Management Service (KMS) is designed to make to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is presented as a secure and resilient service that uses hardware security modules that have been…

24
Azure Dedicated HSM

Azure Dedicated HSM are hardware security modules that used in the cloud enabling users to maintain full administrative and cryptographic control over HSMs. The solution provides control over who in the organization can access HSMs and the scope and assignment of their roles, with…

25
Haventec
0 reviews

Haventec, headquartered in Sydney, offers a platform that provides enterprises with the means of safeguarding the privacy of the people they both serve and employ – if sensitive information (data and digital credentials) is protected by the Haventec platform, when the enterprise…

Learn More About Encryption Key Management Software

What is Encryption Key Management Software?

Encryption Key Management (EKM) software handles the storage, management, and administration of encryption keys. Encryption keys are the mechanisms that other systems and applications use to encrypt or decrypt data. While encryption keys in some form are present and necessary for every form of encryption, standalone encryption key management systems only become necessary when multiple encryption systems must be centrally managed simultaneously. These systems allow IT and security administrators to distribute and manage logical or physical access to encryption keys, and they often let businesses host their own encryption keys to mitigate risk from 3rd party vendors.

Encryption keys are essential to any encryption process a business uses. There are different types of encryption keys to encrypt different types of data, but EKM software should be able to manage any kind of encryption key. Flexible encryption key management is especially crucial when businesses use a mix of on-premise, virtual, and cloud systems that each need to utilize encryption or decryption keys. This leads EKM products to be most commonly used by enterprises that have a range of systems and data storehouses, especially those concerned with securing proprietary data or complying with regulatory requirements.

There are other features that make a complete encryption key management solution. For instance, encryption key management software should also include backup functionality to prevent key loss. These products should also allow administrators to encrypt the encryption keys themselves for additional layers of security.

Encryption key management enables large organizations and enterprises to scale their encryption capabilities over time. Enterprise-wide policies help ensure proper encryption key storage and protection. Key management and security also serves as the linchpin for all other encryption systems and tools within an organization. Scalable encryption key management also improves key lifecycle management, which prevents unauthorized access or key loss, which can leave data vulnerable or inaccessible respectively.


EKM and Hardware Security Modules (HSM)

Encryption key management benefits dramatically from using a hardware security module (HSM). HSMs are physical devices built to be security-oriented from the ground up, and are used to prevent physical or remote tampering with encryption keys by ensuring on-premise hosted encryption management. By being a separate device, an HSM remains isolated from other systems that would otherwise expose the encryption keys to other potential vulnerabilities and exploits.


Encryption key management software can be hosted on non-dedicated or cloud-based systems, and it may be necessary for some orgs to do so. However, HSMs will provide the highest level of encryption key security that organizations can retain direct control over. Hosted EKM products will likely have HSMs on the vendor site, but self-hosting organizations should consider utilizing an HSM as well.


Encryption Key Management Comparison

When comparing encryption key management systems, consider these factors:


  • Deployment: Does the organization want to keep all encryption key management on-premise, in which case an HSM deployment would be essential. For organizations who aren’t worried about first-party control, a cloud-based offering may be more scalable.

  • Scalability: How well can each system manage the organization’s current, and future, growth of encryption processes and keys? Consider both the ease of management at scale, as well as each vendor’s pricing structure. Some products’ pricing models may become more or less competitive at scale.

  • IAM Integration: Will each product easily or natively integrate with the organization’s identity management system? This is crucial to automating user permissions to access certain encryption keys without overprovisioning access.


Start an encryption key management system comparison here


Pricing Information

There are two main pricing models encryption key management providers offer. Some vendors offer pricing per key, which can start at $1/month/key for some vendors. This model is most popular for all-digital key management. Other vendors that offer hardware to help manage encryption keys will offer different tiers based on the hardware and key volume.

Related Categories

Frequently Asked Questions

What are the functions of key management?

Key management ensures that encryption keys’ lifecycles are properly managed, and centrally controls what users and systems have access to the necessary encryption keys.

Why is key management required?

Key management is crucial to ensure that encryption keys are not compromised, such as being left in unsecured systems or exposed to hackers.

What is the key management life cycle?

Encryption keys only remain secure for so long, and as time goes on they are more likely to be compromised or lost. Lifecycle management gauges the length of time when a given key is still usable, and automatically decommissions the key as it creates a new one to replace it, ensuring that keys remain fresh and secure.