Encryption Key and Secrets Management Solutions
Organizations face growing challenges managing cryptographic keys and secrets as IT environments become more distributed, cloud‑based, and regulated. Keys, credentials, and API tokens are often spread across applications, clouds, and regions, reducing visibility and making it difficult to enforce consistent policies, meet audit requirements, or limit operational risk.
Traditional centralized tools struggle to scale and provide limited insight into how cryptographic assets are used and governed.
The Entrust Cryptographic Security Platform Key Manager (formerly KeyControl) addresses these issues by combining traditional key lifecycle management with a decentralized, vault‑based architecture and centralized visibility and governance.
Easily manage cryptographic keys and secrets at scale
Protect your encryption keys with centralized key management
Scalable, cost-effective, and enterprise-ready
Redefining cryptographic key and secrets management
Traditional key management systems haven’t adapted to the realities and risks organizations with multi-cloud strategies face. Basic access controls, sparse metadata, and storage in one-size-fits-all key vaults should no longer be considered key management. You are not effectively managing your keys and secrets if you are not in control and aware of who creates and uses them. Knowing where your keys are stored can be an essential component for compliance with corporate security policies and/or regulations that differ by location and use case. Entrust’s cryptographic key management solutions help address these evolving requirements.
Modern post-quantum-ready key management for a complex multi-cloud world
Entrust CSP Key Manager is setting a new standard for key and secrets management by combining traditional key lifecycle management and a decentralized vault-based architecture with a comprehensive central policy and compliance management dashboard – the CSP Compliance Manager. The platform offers decentralized security with centralized visibility across the enterprise’s cryptographic assets. The powerful combination can help ensure data is protected in compliance with stringent regulatory requirements and keys and secrets can be geolocated and managed to respect data sovereignty mandates.
Entrust Compliance Manager: Data protection is in the details
The CSP Compliance Manager provides a powerful compliance dashboard with granular policy management and control of cryptographic keys and secrets across your enterprise. The unified dashboard allows you to view and monitor your organization’s cryptographic assets in vaults configured locally or geographically distributed.
Entrust CSP Key Manager
With Entrust CSP Key Manager, businesses can easily manage encryption keys at scale. This key management software simplifies management of encrypted workloads by automating the lifecycle of encryption keys; including key storage, backup, distribution, rotation, and key revocation.
CSP Key Manager Typical Use Cases
Database Protection
Entrust CSP Key Manager and Entrust nShield® hardware security modules (HSMs) integrate with leading database vendors to deliver enhanced database protection with centralized, automated encryption key management software and a root of trust for critical encryption keys.
Backup and Recovery
Entrust CSP Key Manager and Entrust nShield HSMs integrate with leading data backup and recovery solutions to deliver enhanced data protection across on-premises, hybrid, and multi-cloud deployments. This centralized key management system supports long-term protection and recovery planning.
Hyperconverged Infrastructure
Entrust CSP Key Manager integrates with leading providers to deliver a scalable, cost-effective, future-proofed alternative to traditional data centers. Key Manager acts as a pre-integrated, always-on universal key management server for your KMIP-compatible virtualized environment.
Storage
Entrust CSP Key Manager integrates with data storage products to automate and simplify the lifecycle of encryption keys, including key creation, storage, distribution, rotation, and revocation.
BYOK and HYOK
Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) integrations with CSP Key Manager reduce reliance on cloud provider trust models while enabling secure, compliant cloud adoption.
Secrets
Enables organizations to securely store and strictly control access to passwords, token certificates, and cryptographic keys for protecting resources such as cloud services, databases, servers, or containers.
Technology Integrations
CSP Key Manager integrates with a wide range of technology integrations as illustrated by use case in the illustration below.
The national defense organization strengthened security and future‑readiness by modernizing its PKI, enabling centralized key management, encryption, and certificate control that improved resilience and compliance across its digital identity infrastructure.
Understanding Keys and Secrets Management
What is Secrets Management?
Learn the ins and outs of secrets management, why it’s essential to your business, and best practices you can use to safeguard your assets, sensitive data, and credentials from unauthorized access.
What is Encryption Key Management?
Learn all you need to know about encryption key management, including what it is, why it’s important, and how encryption key management software can help you improve your cryptographic ecosystem today.
General Resources
CSP Key and Secrets Management
In-depth brochure covering common use cases for CSP Key Manager.
CSP Compliance Manager
Overview, key features and benefits of the Cryptographic Security Platform Compliance Manager.
CSP Compliance Pack
Facilitating compliance of key management with industry-specific templates for national and international standards and regulations.
CSP Vault for KMIP
Managing cryptographic keys using the Key Management Interoperability Protocol (KMIP).
CSP Key Management Vault for PASM
Manage and control SSH access across on-premises and cloud environments.
Cryptographic Security Platform Cryptographic API
Cloud-friendly REST-like interface for cryptographic operations for use with Entrust platform’s Key Management Vault deployments.
CSP Command Line Interface (Crypto CLI)
DevOps-friendly command line tool for cryptographic operations for use with Entrust Key Management Vault deployments.
Database Protection Related Resources
CSP Vault for Databases – Microsoft SQL
CSP Key Manager securing Microsoft SQL database TDE encryption keys.
CSP Vault for Databases – Oracle
Secure your data with Oracle Database TDE encryption keys.
CSP Product and Professional Service Bundle for Database Encryption
Deploy database encryption and simplify compliance with Entrust Platform Bundles.
Cloud Key Management Related Resources
CSP Vault for Cloud Keys – AWS KMS XKS
Control access to cloud-based cryptographic keys using Cryptographic Security Platform and AWS KMS External Key Store (XKS).
CSP Vault for Cloud Keys – Azure DKE
Protecting highly sensitive Microsoft 365 data using Double Key Encryption (DKE).
Reach Your True Business Value
Get a personalized analysis of benefits – including an estimated ROI, improved productivity, and annual benefits – in our Business Value Tool.
It’s fast, free, and full of insights.
Fill out the form and one of our key and secrets management experts will contact you.
