1.0 Introduction
The following table presents a feature comparison matrix for the Fortanix Cloud Data Control solutions, including Azure Standard and Premium Key Vaults, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
Features | Azure Standard Key Vault | Azure Premium Key Vault | Amazon Web Service (AWS) | Google Cloud Platform |
|---|---|---|---|---|
Key generation from Fortanix DSM | Yes | Yes | Yes | Yes |
Key import from Fortanix DSM | Yes | Yes | Yes | Yes |
Key enable or disable | Yes | Yes | Yes | Yes |
Manual key rotation | Yes | Yes | Yes | Yes |
Key deactivation | Yes | Yes | Yes | Not available in GCP KMS |
Set key expiry date | Yes | Yes | Yes | Not available in GCP KMS |
Delete key from Fortanix DSM
| Yes | Yes | Yes | No (Only supported using destroy API and not DSM UI) |
Key rotation using key rotation policy | Yes | Yes | Yes | Yes |
Key rotation policy with rotate copied keys | Yes | Yes | Yes | Yes |
Key rotation policy with deactivate original key | Yes | Yes | Not available in AWS KMS | Not available in GCP KMS |
Add, update, or delete key tags | Yes | Yes | Yes | Labels are not supported yet |
Bring Your Own Key (BYOK) | Yes | Yes | Yes | Yes |
Rotate to Fortanix DSM key | Yes | Yes | Yes | Yes |
Sync keys | Yes | Yes | Yes | Yes |
Schedule key deletion (AWS) Soft-delete (Azure) | Yes | Yes | Yes | NA |
Cancel key deletion (AWS) Recover deleted key (Azure) | Yes | Yes | Yes | NA |
Reimport key material | NA | NA | Yes | NA |
Delete key material | NA | NA | Yes | NA |
Purged deleted key | Yes | Yes | NA | NA |
Restored purged key | Yes | Yes | NA | NA |
AWS KMS -side key rotation | NA | NA | Yes | NA |
Rotate multi-region keys | NA | NA | Yes | NA |