Protect Sensitive Data Across Clouds and Private Datacenters
The Challenge
All application data should be encrypted, but deploying cryptography and key management infrastructure is expensive, hard to develop against, and not cloud or multi-datacenter friendly.
The Solution
Vault provides encryption as a service with centralized key management to simplify encrypting data in transit and at rest across clouds and datacenters.
Encryption Features
API-driven Encryption
Encrypt and decrypt application data with an HTTP (TLS) API call. Key management, encryption algorithm, and more are offloaded and centrally managed by Vault.
Encryption Key Rolling
Update and roll new keys throughout distributed infrastructure while retaining the ability to decrypt encrypted data.
FIPS 140-2 & Cryptographic Compliance
Use FIPS 140-2-certified HSMs to ensure that Critical Security Parameters are protected in a compliant fashion.
Replication Filters
Selectively Whitelist/Blacklist and activate or deactivate mounts for Secret Mounts for replication filtering.