Keys and other types of secrets stored in Fortanix Data Security Manager (DSM) are held in an encrypted database when not in use. When in use, the keys are available only inside a secure enclave created using Intel® SGX technology, which ensures that the key material is never available in plaintext to any software component on the node other than Fortanix DSM itself. The components excluded in this way include the OS, hypervisor, BIOS, co-tenant VMs, etc. Fortanix DSM-managed key material is also never exposed in plaintext on the system memory bus or on any other physical interface outside the processor package.