Use case

Key management

Standardize distribution workflow and lifecycle management across KMS providers.


Managing encryption keys at scale is difficult and time consuming

Many cloud providers offer a key management service (KMS), where encryption keys can be issued and stored for maintaining a root of trust. However, this often leads to manual lifecycle management work when you are looking to bring your own keys.


Centrally manage and automate encryption keys across environments

The Key Management secrets engine provides an API abstraction layer and offers a standardized workflow for distribution and lifecycle management of cryptographic keys in various KMS providers. It allows organizations to greatly simplify the lifecycle management of keys Vault has distributed and maintains centralized control of those keys in Vault, while still taking advantage of cryptographic capabilities native to the KMS providers such as AWS KMS, Microsoft Azure Key Vault, and Google Cloud KMS. 

Ready to get started?

Secure, store, and tightly control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

Bring your own key with Vault

Use Vault to generate a key for native cloud key management services. In this session, we'll show how to generate a new key with Vault and bring that into an existing KMS.