Sepior Key-Management-as-a-Service (KMaaS) is a cloud-based key management system. The system consists of a number of different components:
- Cluster of KeyServers
- Portal
- Application(s) consuming keys and encrypting data
Below is a figure describing the overall architecture, together with a few details on the responsibilities of these components.
KeyServers
The KeyServers are where the magic happens. Each KeyServer holds a share of each cryptographic key. A share by itself is worthless: it needs to be combined with shares from t KeyServers (see Threshold Trust).
Each KeyServer is run at a separate cloud provider, and implements the key management functionality needed.
Supported cloud providers
Currently we support the following cloud providers:
- Amazon Web Services
- Google Cloud Platform
- DigitalOcean
- Rackspace
Portal
The portal is the user interface for the organisation running a Sepior KMaaS, and provides all the features needed to administer the key management service, including:
- user management
- backup
- IdP management
- auditing
Application
The application is the system which will consume the interface of the KeyServers through our plugins and SDKs. In this way the application will encrypt data-at-rest or do client-side encryption.