Overview
The Securosys XKS Proxy empowers you with AWS External Key Store (XKS), a cutting-edge capability within AWS Key Management Service (KMS). This feature enables you to fortify your data protection in AWS using encryption keys stored securely inside Securosys on-premises Primus HSMs or Securosys managed HSM service (CloudHSM) external to AWS.
When you opt for AWS KMS External Key Store (XKS), you replace the KMS key hierarchy with a new, external root of trust, where all root keys are generated and safeguarded within the HSM you provide and operate. When AWS KMS performs encryption or decryption, it communicates with the Securosys HSMs via the Securosys XKS proxy, ensuring robust security throughout the process.
Take charge of your AWS KMS keys with confidence, knowing that your cryptographic objects remain protected within the tamper-proof Securosys CloudHSM or Primus HSM, away from the AWS cloud. How Securosys XKS Proxy Works Securosys XKS Proxy acts as the secure intermediary between AWS KMS and your Securosys Primus HSM or CloudHSM. The Securosys XKS proxy never directly interacts with your HSM, and it cannot access, manage, or manipulate your keys. Instead, all communication between AWS KMS and your cryptographic objects is channeled through the Securosys XKS Proxy.
Deploying the XKS proxy is simple and seamless, facilitated by the user-friendly Securosys XKS Proxy docker image. It can be downloaded from our Securosys support portal - please contact us if you are interested in learning more.
You have the flexibility to deploy the XKS proxy within an AWS EC2 instance or directly within your own environment, giving you complete control over your encryption workloads.
Deploying the Securosys XKS proxy is simple: configure and run its Docker image to link AWS KMS with Securosys HSMs. Logging options include client server or remote logging. Deployment options include within AWS VPC EC2 or via a public endpoint for on-premises connections to AWS services.
Use the download link in the resources.
Highlights
- DIGITAL SOVEREIGNTY: Your cryptographic keys reside outside of the AWS KMS cloud, ensuring that only you can decrypt protected content, guaranteeing AWS does not have access to your private keys.
- BEST-IN-CLASS COMPLIANCE: Securosys CloudHSMs and the FIPS140-2 Level 3 and CC EAL 4+ certified Primus HSM, empowers you to meet stringent compliance requirements. Our transparent approach allows you to review all software code and blueprints, providing peace of mind that neither Microsoft nor Securosys can access the plain view of your customer data.
- EASY DEPLOYMENT: Swiftly deploy the Securosys XKS proxy, allowing you to focus on safeguarding your sensitive data rather than navigating through intricate setup processes.
Details
Pricing
Custom pricing options
How can we make this page better?
Legal
Content disclaimer
Resources
Vendor resources
Support
Vendor support
Documentation & quick start guide: https://docs.securosys.com/xks/overview
Technical support (account required): https://support.securosys.com/external
Contact sales: