The keys, as well as other types of secrets stored in Fortanix Data Security Manager (DSM), are held in an encrypted database when not in use. When in use, the keys are only available inside a secure enclave created using Intel® SGX technology, which ensures that the key material is never available in plaintext to any software component on the node other than Fortanix DSM itself. The components that never see plaintext key material include the OS, hypervisor, BIOS, co-tenant VMs, etc. Fortanix DSM-managed key material is also never exposed in plaintext on the system memory bus or on any other physical interface outside the processor package.
Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.