KeyControl Vault for Cloud Keys Overview

The KeyControl Vault for Cloud Keys lets you manage keys for use with providers such as AWS, Azure, and GCP in Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) environments. KeyControl can be used as an External Key Store (XKS) for AWS, an external service for Double Key Encryption (DKE), and an External Key Manager (EKM) provider for GCP KMS and GCP Cloud KMS.

Important: If you plan to manage Entrust Elliptic Curve Cryptography (ECC) keys in a KeyControl Vault for Cloud Keys that is protected by an nShield XC HSM, you must have an ECC license for that HSM.

The KeyControl Vault for Cloud Keys webGUI has an automatic timeout value of 30 minutes.