Banner Default Image

Streamline Key Management Across Multiple Cloud Services

Gain operational efficiency, compliance, and security by centrally managing multiple cloud provider encryption keys with CipherTrust Cloud Key Manager

CipherTrust Cloud Key Manager

For virtually every organization today, the adoption of multiple cloud services continues to expand—and so does the use of encryption. As the proliferation of encryption continues, so do the number of keys, and the potential risks. With the CipherTrust Cloud Key Manager, your organization can establish strong controls over encryption keys and policies for data encrypted by cloud services.


ciphertrust cloud key manager


CipherTrust Cloud Key Manager supports a growing list of infrastructure-, platform- and software as a service (IaaS, PaaS and SaaS) providers. SaaS solutions include Microsoft Office365, and Salesforce Sandbox. Supported IaaS/PaaS solutions include Microsoft Azure, Microsoft Azure China National Cloud, Microsoft Azure Stack, and Amazon Web Services.

  • Benefits
  • Features
  • Specifications

Enjoy Enhanced IT Efficiency

CipherTrust Cloud Key Manager centralizes encryption key management from multiple environments, presenting all supported clouds and even multiple cloud accounts in a single browser tab. Automated key rotation and federated login dramatically simplify key life cycle management.

Gain Strong Key Control and Security

Data Encryption solutions from leading public cloud providers such as Microsoft Azure, Amazon Web Services and provide Bring Your Own Key (BYOK) services that enable customers to separate key management from provider-controlled encryption. CipherTrust Cloud Key Manager utilizes BYOK services to deliver key generation, separation of duties, reporting, and key lifecycle management that help fulfill internal and industry data protection mandates, all with FIPS 140-2-certified secure key storage.

Fulfill Best Practices

Separate encryption keys from data encryption and decryption operations for compliance, best security practices and control of your data. Gain operational insights on encryption key usage with dashboards, reports and logs with CipherTrust Cloud Key Manager.

Strong Encryption Key Security

CipherTrust Cloud Key Manager leverages the security of either the CipherTrust Manager or the Vormetric Data Security Manager or to create keys and securely store them. Keys sourced by the solution are available for clouds that provide backup keys to mitigate accidental key deletion in cloud consoles. You control full key metadata control during upload and for keys in use.

True Multi-Cloud Support

With support for Amazon Web Services, Microsoft Azure, Microsoft Azure Stack, China national clouds, IBM Cloud, and Salesforce Sandbox, CipherTrust Cloud Key Manager keeps you in control of encrypted data across multiple clouds from a single pane of glass, including across multiple accounts.

Automated Key Rotation

With the click of a button or an API request, keys are marked for automated key rotation on a per-cloud schedule. From then on, CipherTrust Cloud Key Manager performs key rotation automatically with comprehensive logging for IT efficiency and enhanced data security. Key Rotation may be specified for keys without expiration dates, or specifically for keys to be rotated prior to their expiration dates.

Comprehensive Key Management

Deploy CipherTrust Cloud Key Manager with any number of keys already created at your cloud provider. It will synchronize its key database with your provider’s. Key attributes such as expiration rules and usage options are all maintained.

Federated User Access to Key Management

Each cloud service login is authenticated and authorized by the service provider - CipherTrust Cloud Key Manager includes no login data base nor requires AD or LDAP integration. Granular key usage authorization ensures that users see only permitted keys.

The Compliance Tools You Need

CipherTrust Cloud Key Manager has the full range of logs and reports you need for fast compliance reporting, including a per-cloud operational logs and a range of pre-packaged key activity reports.

Deployment Choices that Match Your Needs

CipherTrust Cloud Key Manager offers several convenient deployment choices to meet your security and deployment needs:

  • All-software is available with FIPS 140-2 Level 1-certified security. Both the CipherTrust Cloud Key Manager Virtual Appliance and virtual CipherTrust Manager or virtual Data Security Manager can be instantiated in Amazon Web Services and Microsoft Azure, or deployed in any private cloud leveraging VMware.
  • Customer that require FIPS 140-2 Level 3 or 2 can deploy or utilize existing CipherTrust Manager or Vormetric Data Security Manager or appliances in on-premises or hosted data centers. Further both the CipherTrust Manager and Data Security Manager virtual appliances can utilize the Thales Luna Network HSM as a root of trust.

Supported Cloud Providers:

CipherTrust Cloud Key Manager Deployment Options

  • Azure Marketplace
  • Azure Stack Marketplace
  • Amazon AMI
  • .OVF for VMware and compatible virtualization

Secure Key Generation Options

  • CipherTrust Manager virtual appliance models k470v and k170v
  • CipherTrust Manager physical appliance models k570 and k470
  • Virtual Vormetric Data Security Manager
  • Vormetric Data Security Manager model 6000
  • Vormetric Data Security Manager model 6100

Authentication Integration:

  • Microsoft Azure: OAuth Federation
  • Salesforce: OAuth Federation
  • Amazon Web Services: Key and Secret
  • IBM Cloud: Key and Secret

Related Resources

The CipherTrust Cloud Key Manager for Multi-cloud Environments

The CipherTrust Cloud Key Manager for Multi-cloud Environments - Report

IT trends such as cloud adoption fundamentally change how corporate data is stored, accessed, and secured, challenging perimeter-centric security models. Meanwhile the threat landscape continues to evolve with bad actors employing new attack vectors and methods exercising new...

CipherTrust Cloud Key Manager - Product Brief

CipherTrust Cloud Key Manager - Product Brief

CipherTrust Cloud Key Manager reduces key management complexity and operational costs by giving customers lifecycle control of encryption keys with automation, centralized management and visibility. Read the product brief for an overview of its features, capabilities and...

Encrypt Everything in the Cloud. OK, But What About All the Keys? - Webinar

Encrypt Everything in the Cloud. OK, But What About All the Keys? - Webinar

A review of best practices for life cycle management of AWS, Azure, Google, Salesforce and other cloud provider encryption BYOK.

CipherTrust Cloud Key Manager Introduction - Video

CipherTrust Cloud Key Manager Introduction - Video

In two minutes, learn of your responsibility to protect data in the cloud, the challenges of multicloud key management, and how CipherTrust Cloud Key Manager can help you!

Watch this video to understand the purpose and get an overview of CipherTrust Cloud Key Manager!

CipherTrust Cloud Key Manager Demonstration - Video

CipherTrust Cloud Key Manager Demonstration - Video

Watch this demonstration of CipherTrust Cloud Key Manager in action!