Key Management Service (KMS)

Manage all your cryptographic keys in one place

Elevate your security and efficiently manage your cryptographic key(s) with OVHcloud’s Key Management Service (KMS).

Designed for seamless integration, our KMS enables you to centrally manage cryptographic key(s) for all your applications, whether they are hosted in the cloud or on-premises. This maximises data security and streamlines security operations.

Improved security for your application
Enhanced productivity

Order now

Key Management Service KMS Main Illustration

KMS

€0.06 ex. VAT

/key/month

Order now

Instant data protection with easy one-click encryption

Simplify encryption and secure your data instantly with a single click on your compatible product, without compromising protection.

Enhanced security with complete key access management

Manage your cryptographic key(s) with unparalleled access control, to enhance security and compliance throughout your organisation.

Your keys: Strengthen data privacy with Bring Your Own Keys (BYOK)

Maintain full control over the lifecycle of your cryptographic key(s) and use them on all your applications – whether they are on OVHcloud, a third-party CSP or on-premises. (coming soon)

Predictable pricing model – Queries included at no extra cost

Enjoy transparency with our predictable pricing model; fixed monthly pricing per key with no query fees, which offers budget predictability and cost efficiency.

Nutanix Ready certified

Designed to work flawlessly with Nutanix environments, ensuring that encryption practices do not disrupt existing operations and are fully compliant with industry standards.

Open-Source SDK and CLI

OVHcloud KMS SDK and CLI are open-source. It makes KMS easier to integrate across diverse tech stacks, and are a first step to open-sourcing the OVHcloud KMS.

Key features

Choice of location: Choose a preferred region to store your cryptographic key(s)

Gain complete control over the geographic location of your cryptographic key(s) for better application performance and sovereignty. With our regionalisation feature, you can comply with local data protection regulations, and reduce latency for your applications. This feature not only ensures compliance but also gives you the flexibility to strategically place your keys in regions that align with your organisational and operational needs.

Certified security compliance: ISO27001 & FIPS 140-3

OVHcloud is committed to adhering to the highest market standards, including obtaining ISO 27001 and FIPS 140-3 certifications. These certifications underscore our focus on security and reliability, and affirm that our Key Management Service (KMS) is built on established security practices. Our goal is to give you peace of mind by securely managing your cryptographic key(s) in a certified infrastructure that meets globally recognised security standards.

Increased interoperability with Key Management Interoperability Protocol (KMIP)

Seamlessly integrate your favourite applications and ensure their compatibility through the Key Management Interoperability Protocol (KMIP). This feature makes key management process more efficient, as it allows you to smoothly exchange cryptographic key(s) between your applications and OVHcloud‘s KMS. With KMIP support, OVHcloud KMS, simplifies key management across various IT environments, enabling you to easily apply strong encryption on all your applications, whether they are hosted on OVHcloud or on-premises.

Use cases

Seamless encryption with Object Storage and easy key management

Easy, maintenance-free approach for encrypting data on your OVHcloud Object Storage space, without the need to deal with the complexities of key management.

Users can easily encrypt their data by opting for Server-Side Encryption with OVHcloud-Managed Keys. With this option, your data is encrypted in real time, and OVHcloud manages the cryptographic key(s). This provides users with robust data protection to keep their data safe and secure, without the burden of key management.

Hands-on lifecycle management of keys for your VMware on OVHcloud platform

Encrypt your OVHcloud products with just a few clicks, while retaining complete control over the cryptographic key(s) on your VMware platform.

You can leverage OVHcloud’s Key Management Service (KMS) to manage the lifecycle of your cryptographic key(s). This involves creating, rotating, and retiring keys as needed. Users can achieve a balance between autonomy and ease by integrating KMS with their VMware on OVHcloud setup, as it allows them to encrypt their data and have control over key usage.

Advanced key management for on-premises integration

When developing applications for end customers, Managed Service Providers (MSPs) often prioritise encryption to ensure data security and compliance. To develop applications, you will need a secure and adaptable way to incorporate encryption features.

With REST API, you can leverage OVHcloud’s KMS to create, manage, and use cryptographic key(s) directly within your application development workflow. Moreover, you can seamlessly integrate client-specific encryption requirements into the apps by accessing the client's cryptographic key(s) stored in OVHcloud KMS.

Ready to get started?

Create an account and launch your KMS in minutes

Order now

Related products

Nutanix on OVHcloud

Our scalable and ready-to-use hyperconverged (HCI) Nutanix platform

VMware on OVHcloud

Encrypt your VMs by connecting your vSphere with OVHcloud KMS via the KMIP interface.

Object Storage

Encrypt your data instantly in one click using the OVHcloud KMS SSE-OMK* feature.

User guides

OVHcloud KMS Architecture overview

Getting started with OVHcloud Key Management Service (KMS)

Using OVHcloud Key Management Service (KMS)

FAQ

What is the pricing model for the Key Management Service (KMS)?

Each encryption key that you create and store in OVHcloud KMS costs €0.06 ex. VAT/month. The €0.06 ex. VAT/month charge is the same for symmetric and asymmetric keys and in every OVHcloud regions.

You are not charged for the following:

API calls all along the lifecycle of your encryption keys are not charged.

Creation and storage of OVHcloud Managed Keys (OMK) are not charged. These keys are automatically created on your behalf when you first attempt to encrypt a resource in an OVHcloud service that integrates with OVHcloud KMS. You can neither manage the lifecycle nor access permissions on OVHcloud Managed Keys (OMK).

How are encryption keys securely backed up?

OVHcloud securely maintains encrypted backups of your encryption keys stored in the KMS across multiple regions. For more details, please refer to our user guide OVHcloud KMS Architecture overview

Is it possible to connect my services or applications to OVHcloud KMS using the KMIP protocol?

Yes, you can connect any KMIP-compatible service or application to the OVHcloud KMS, whether on-premises or hosted with OVHcloud or hosted into a 3^rd party cloud service provider. The list of supported KMIP operations is available in our user guide How to connect a compatible product using KMIP protocol

*SSE-OMK: Server Side Encryption - OVHcloud Managed Key