Sepior KMaaS

Sepior KMaaS Documentation

Welcome to the Sepior documentation hub. You'll find comprehensive guides and documentation to help you start working with Sepior Key Management-as-a-Service as quickly as possible, as well as support if you get stuck. Let's jump right in!

Introduction to KMaaS

Sepior Key-Management-as-a-Service (KMaaS) is a cloud-based key management system. The system consists of a number of different components:

  • Cluster of KeyServers
  • Portal
  • Application(s) consuming keys and encrypting data

Below is a figure describing the overall architecture, together with a few details on the responsibilities of these components.

KeyServers

The KeyServers are where the magic happens. Each KeyServer holds a share of each cryptographic key. A share by itself is worthless: it needs to be combined with shares from t KeyServers (see Threshold Trust).

Each KeyServer is run at a separate cloud provider, and implements the key management functionality needed.
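
The threshold property described above, as an added illustration that is not Sepior's code: the page does not say which scheme KMaaS uses, so Shamir secret sharing stands in here, with an assumed threshold t = 3 (taken to mean that t shares in total recover the key) over four KeyServers labelled after the supported providers. It shows that t shares recover the key, while t-1 shares are consistent with every possible key.

```python
import secrets

PRIME = 2**127 - 1  # field modulus (a Mersenne prime); assumed for the demo
KEYSERVERS = ["aws", "gcp", "digitalocean", "rackspace"]  # labels only
T = 3  # assumed threshold; the page does not give a value for t


def poly_eval(coeffs, x):
    """Evaluate a polynomial (lowest coefficient first) at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split(key, t=T, servers=KEYSERVERS):
    """Give each server one point of a random degree t-1 polynomial f, f(0)=key."""
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return {name: (x, poly_eval(coeffs, x)) for x, name in enumerate(servers, 1)}


def interpolate(points, x):
    """Lagrange interpolation: value at x of the polynomial through points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def implied_share(points, candidate_key, x):
    """With only t-1 shares, ANY candidate key is possible: return the share
    server x would have to hold for the key to equal candidate_key."""
    return interpolate([(0, candidate_key)] + list(points), x)


if __name__ == "__main__":
    key = secrets.randbelow(PRIME)  # constructed sample key
    shares = split(key)
    three = [shares[s] for s in ("aws", "gcp", "rackspace")]
    print("3 shares recover key:", interpolate(three, 0) == key)
    two = three[:2]
    for guess in (0, 1, 2**64):
        y = implied_share(two, guess, 4)
        print("2 shares also fit key", guess, "->", interpolate(two + [(4, y)], 0) == guess)
```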

Supported cloud providers

Currently we support the following cloud providers:

  • Amazon Web Services
  • Google Cloud Platform
  • DigitalOcean
  • Rackspace

Portal

The portal is the user interface for the organisation running a Sepior KMaaS, and provides all the features needed to administer the key management service, including:

  • user management
  • backup
  • IdP management
  • auditing

Application

The application is the system that consumes the KeyServers' interface through our plugins and SDKs. In this way the application encrypts data at rest or performs client-side encryption.