Sepior Key-Management-as-a-Service (KMaaS) is a cloud-based key management system. The system consists of a number of different components:
- Cluster of KeyServers
- Application(s) consuming keys and encrypting data
Below is a figure describing the overall architecture, together with a few details on the responsibilities of these components.
The KeyServers are where the magic happens. Each KeyServer holds a share of each cryptographic key. A share on its own is worthless: it needs to be combined with shares from t KeyServers (see Threshold Trust).
Each KeyServer is run at a separate cloud provider, and implements the key management functionality needed.
Supported cloud providers
Currently we support the following cloud providers:
- Amazon Web Services
- Google Cloud Platform
The portal is the user interface for the organisation running a Sepior KMaaS, and provides all the features needed to administer the key management service, including:
- user management
- IdP management
The application is the system that consumes the interface of the KeyServers through our plugins and SDKs. In this way the application encrypts data at rest or performs client-side encryption.