Effective Kubernetes 1.10, a new feature called KMS Encryption Provider lets organizations bring their own KMS (ideally an integrated HSM).
To know the steps for encrypting Kubernetes secrets with Key(s) stored in Fortanix-Data-Security-Manager (DSM), refer to the Kubernetes KMS Plugin for Data Security Manager.
Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.