The Securosys XKS Proxy empowers you with AWS External Key Store (XKS), a cutting-edge capability within AWS Key Management Service (KMS). This feature enables you to fortify your data protection in AWS using encryption keys stored securely inside Securosys on-premises Primus HSMs or Securosys managed HSM service (CloudHSM) external to AWS.

When you opt for AWS KMS External Key Store (XKS), you replace the KMS key hierarchy with a new, external root of trust, where all root keys are generated and safeguarded within the HSM you provide and operate. When AWS KMS performs encryption or decryption, it communicates with the Securosys HSMs via the Securosys XKS proxy, ensuring robust security throughout the process.

Take charge of your AWS KMS keys with confidence, knowing that your cryptographic objects remain protected within the tamper-proof Securosys CloudsHSM or Primus HSM, away from the AWS cloud. How Securosys XKS Proxy Works Securosys XKS Proxy acts as the secure intermediary between AWS KMS and your Securosys Primus HSM or CloudsHSM. The Securosys XKS proxy never directly interacts with your HSM, and it cannot access, manage, or manipulate your keys. Instead, all communication between AWS KMS and your cryptographic objects is channeled through the Securosys XKS Proxy.

Deploying the XKS proxy is simple and seamless, facilitated by the user-friendly Securosys XKS Proxy docker image. It can be downloaded from our Securosys support portal - please contact us if you are interested in learning more.

You have the flexibility to deploy the XKS proxy within an AWS EC2 instance or directly within your own environment, giving you complete control over your encryption workloads.

Deploying the Securosys XKS proxy is simple: configure and run its Docker image to link AWS KMS with Securosys HSMs. Logging options include client server or remote logging. Deployment options include within AWS VPC EC2 or via a public endpoint for on-premises connections to AWS services.

Use the download link in the resources.