📄️ Azure - Bring Your Own Key
Azure Key Vault is a managed service that enables you to safeguard cryptographic keys and other secrets used by cloud applications and services. With Azure Key Vault, you can easily create, store, and control access to keys used to encrypt your data, as well as secrets such as passwords, API keys, and certificates. Azure Key Vault seamlessly integrates with Azure services and provides a secure and centralized solution for key management.
📄️ AWS - Bring Your Own Key
AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the cryptographic keys that are used to protect your data across your applications and more than 100 AWS services. Use AWS KMS to encrypt data across your AWS workloads, digitally sign data, encrypt within your applications using AWS Encryption SDK, and generate and verify message authentication codes (MACs). AWS KMS uses hardware security modules (HSMs) to protect and validate your AWS KMS keys.
📄️ Salesforce - Bring Your Own Key
Bring Your Own Key (BYOK) within Salesforce Shield Platform Encryption allows users to supply and manage their own tenant secrets, enhancing data security and regulatory compliance. Users generate and store their key material outside of Salesforce, using preferred crypto libraries or hardware security modules (HSMs), and grant access to Salesforce's encryption mechanisms.
📄️ EMV
EMV standards from the payment sector also define procedures and key ceremonies for importing, exporting, and transferring keys between two entities.
📄️ Self Signed Certificate
Self-signed certificates are certificates where the issuer and subject are the same entity. They are used for various purposes, primarily in scenarios where a trusted third-party certificate authority (CA) is not available or not necessary, such as internal testing, development environments, or isolated network environments.
📄️ Key Migration
Key migration refers to the process of securely transferring cryptographic keys, using a wrapping mechanism, from one HSM to another (same or different vendor), or of safely injecting a key into an IoT device. The process is generally used when cloning is either not available or not viable (only a single key or a small number of keys need to be migrated).