The keys, as well as other types of secrets stored in Self-Defending KMS, are held in an encrypted database when not in use. When in use, the keys are only available inside a secure enclave created using Intel® SGX technology, which ensures that the key material is never available in plaintext to any software component on the node other than Self-Defending KMS itself. This includes the OS, hypervisor, BIOS, co-tenant VMs, etc. Self-Defending KMS-managed key material is also never exposed in plaintext on the system memory bus or on any other physical interface outside the processor package.
- Can I use a proxy with Self-Defending KMS?
- Does Self-Defending KMS include a Web Application Firewall (WAF)? Should I configure a WAF with Self-Defending KMS?
- How does Self-Defending KMS compare with other KMS?
- Can I import keys into Self-Defending KMS?
- Where is encryption and decryption done if I use Self-Defending KMS?
- Can Fortanix employees access my keys?
- Where do my keys live if I use Self-Defending KMS?
- How does Self-Defending KMS work?
- What cryptographic operations are available in Self-Defending KMS?
- What key management features are available in Self-Defending KMS?