Key Management Service (KMS)

Manage all your encryption keys in one place

Elevate your security and efficiently manage your encryption keys with OVHcloud’s Key Management Service (KMS).

Designed for seamless integration, our KMS enables you to centrally manage encryption keys for all your applications, hosted in the cloud or on-premises. This enhances data security and streamlines security operations.

Improved security for your application
Enhanced productivity

Discover KMS Today

Key Management Service KMS Main Illustration

KMS

$0.07

/key/month

Order now

Instant data protection with easy one-click encryption

Simplify encryption and help secure your data instantly with a single click on your compatible product.

Enhanced security with complete key access management

Manage your encryption keys with unparalleled access control, to enhance security and compliance throughout your organization.

Your keys: Strengthen data privacy with Bring Your Own Keys (BYOK)

Maintain full control over the lifecycle of your encryption keys and use them on all your applications – whether they are on OVHcloud or a third-party CSP.

Predictable pricing model – Queries included at no extra charge

Enjoy transparency with our predictable pricing model; fixed monthly pricing per key with no query fees, offering budget predictability and cost efficiency.

Nutanix® Ready certified

Designed to work seamlessly with Nutanix® environments, helping ensure that encryption practices do not disrupt existing operations and are fully compliant with industry standards.

Open-Source SDK and CLI

OVHcloud KMS SDK and CLI are open-source. It makes KMS easier to integrate across diverse tech stacks, and are a first step to open-sourcing the OVHcloud KMS.

Key features

Choice of location: Choose a preferred region to store your encryption keys

Select from OVHcloud US KMS services hosted in Virginia or Oregon, ensuring your encryption keys are stored in the region that best aligns with your compliance and latency requirements. You gain greater control and adaptability in managing your encrypted data by choosing the location that best aligns with your organizational and operational needs

Security compliance: ISO27001 & FIPS 140-3

OVHcloud is committed to adhering to stringent market standards, including obtaining ISO 27001 and FIPS 140-3 certifications (unavailable in Local Zones). These certifications underscore our focus on security and reliability and affirm that our Key Management Service (KMS) is built on established security practices. Our goal is to give you peace of mind by managing your encryption keys in a certified infrastructure that meets globally recognized security standards.

Increased interoperability with Key Management Interoperability Protocol (KMIP)

Seamlessly integrate your favorite applications and better ensure their compatibility through the Key Management Interoperability Protocol (KMIP). This feature makes the key management process more efficient, allowing you to smoothly exchange encryption keys between your applications and OVHcloud‘s KMS. With KMIP support, OVHcloud KMS, simplifies key management across various IT environments, enabling you to easily apply strong encryption on all your applications, whether they are hosted on OVHcloud

Use cases

Seamless encryption for your Object Storage and easy key management

Easy, maintenance-free approach for encrypting data on your OVHcloud Object Storage space, without needing to deal with key management's complexities. Users can easily encrypt their data by opting for Server-Side Encryption with OVHcloud managed keys. This option encrypts your data in real time, and OVHcloud manages the encryption keys. This provides users with robust data protection to keep their data safe and secure, without the burden of key management.

Hands-on lifecycle management of keys for your VMware on the OVHcloud platform

Encrypt your OVHcloud products with just a few clicks, while retaining complete control over the encryption keys on your VMware platform. You can leverage OVHcloud’s Key Management Service (KMS) to manage the lifecycle of your encryption keys. This involves creating, rotating, and retiring keys as needed. Users can achieve a balance between autonomy and ease by integrating KMS with VMware on their OVHcloud setup, as it allows them to encrypt their data and have control over key usage.

Advanced key management for on-premises integration

When developing applications for end customers, Managed Service Providers (MSPs) often prioritize encryption to ensure data security and compliance. To develop applications, you will need a secure and adaptable way to incorporate encryption features. With REST API, you can leverage OVHcloud’s KMS to create, manage, and use encryption keys directly within your application development workflow. Additionally, you can seamlessly integrate client-specific encryption requirements into the apps by accessing the client's encryption keys stored in OVHcloud KMS.

Ready to get started?

Create an account and launch your KMS in minutes!

Get Started Today

Explore our integrated cloud solutions

Object Storage

Encrypt your data instantly in one click using the *SSE-OMK: Server Side Encryption - OVHcloud Managed Key feature.

VMware on OVHcloud

Encrypt your VMs by connecting your vSphere with OVHcloud KMS via the KMIP interface.

Nutanix® on OVHcloud

Our scalable and ready-to-use hyperconverged (HCI) Nutanix® platform

User guides

OVHcloud KMS Architecture overview

Getting started with OVHcloud Key Management Service (KMS)

Using OVHcloud Key Management Service (KMS)

FAQ

What is the pricing model for the Key Management Service (KMS)?

Each encryption key you create and store in OVHcloud KMS costs $0.07 /month. The $0.07 /month charge is the same for symmetric and asymmetric keys and in every OVHcloud regions.

You are not charged for the following:

API calls all along the lifecycle of your encryption keys are not charged.

Creation and storage of OVHcloud Managed Keys (OMK) are not charged. These keys are automatically created on your behalf when you first attempt to encrypt a resource in an OVHcloud service that integrates with OVHcloud KMS. You can neither manage the lifecycle nor access permissions on OVHcloud Managed Keys (OMK).

How are encryption keys securely backed up?

OVHcloud securely maintains encrypted backups of your encryption keys stored in the KMS across multiple regions. For more details, please refer to our user guide OVHcloud KMS Architecture overview

Is it possible to connect my services or applications to OVHcloud KMS using the KMIP protocol?

Yes, you can connect any KMIP-compatible service or application to the OVHcloud KMS, whether on-premises or hosted with OVHcloud or hosted into a 3^rd party cloud service provider. The list of supported KMIP operations is available in our user guide How to connect a compatible product using KMIP protocol

*SSE-OMK: Server Side Encryption - OVHcloud Managed Key

*S3 is a trademark filed by Amazon Technologies, Inc. OVHcloud's service is not sponsored by, endorsed by, or otherwise affiliated with Amazon Technologies, Inc.