SENSITIVE SECRET PROTECTION SOLUTION

DuoKey for Vault

DuoKey for Vault is our integration for HashiCorp Vault Enterprise, and it greatly simplifies Vault administration. It is a must-have for any organization that stores its sensitive information in a HashiCorp Vault Enterprise deployment.

Control
Control your root master key in HashiCorp Vault
Protect
All generated Vault secrets are seal-wrapped using a FIPS 140-2 module
Trust
Leverage HCP Cloud using your own root master keys

Built with Security and Privacy in mind

  • Master Key Wrapping: The Vault master key is protected by transiting it through the DuoKey Vault MPC rather than having it split into key shares.
  • Automatic Unsealing: Vault stores its encrypted master key in storage, which allows automatic unsealing; the key is decrypted only through authorized Vault access.
  • Seal Wrapping: This provides secret storage functionality for Critical Security Parameters that conforms to FIPS 140-2 Level 2. Note that the DuoKey MPC Vault itself is classified by NIST as FIPS 140-3 Level 2.
  • Entropy Augmentation: Vault Enterprise features a mechanism to sample entropy (or randomness for cryptographic operations) from external cryptographic modules through the Seals interface. While the system entropy used by Vault is more than capable of operating in most threat models, there are some situations where additional entropy from hardware-based random number generators is desirable.
    DuoKey for Vault can harden existing as well as new HashiCorp Vault Enterprise deployments regardless of their current seal configuration.

DuoKey for Vault adds an extra layer of protection and is useful in some compliance and regulatory environments, including FIPS 140-2 environments.

Seal Wrap

Vault Enterprise features a mechanism to wrap values with an extra layer of encryption for supporting seals. This adds an extra layer of protection and is useful in some compliance and regulatory environments, including FIPS 140-2 environments.

Entropy Augmentation

Entropy augmentation enables Vault to sample entropy from external cryptographic modules. External entropy is sourced by configuring a supported seal type; these include the PKCS11 seal, AWS KMS, and Vault Transit. Vault Enterprise's external entropy support is activated by the presence of an entropy "seal" block in Vault's configuration file.
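
The configuration described above, as an added example (not DuoKey's or HashiCorp's own file): a Vault Enterprise server configuration fragment with a PKCS11 seal and the entropy "seal" block. The page does not say how DuoKey is attached, so the PKCS11 seal type is an assumption, and the library path, slot and key labels are placeholders.

```hcl
# Added example. Values marked PLACEHOLDER are assumptions, not taken from the page.

# A seal type that supports external entropy
# (the page lists the PKCS11 seal, AWS KMS and Vault Transit).
seal "pkcs11" {
  lib            = "/PLACEHOLDER/path/to/vendor-pkcs11.so"  # vendor PKCS#11 library
  slot           = "0"                                      # PLACEHOLDER slot number
  key_label      = "PLACEHOLDER-vault-seal-key"             # key used to wrap the root key
  hmac_key_label = "PLACEHOLDER-vault-hmac-key"             # key used for HMAC operations

  # The pin is deliberately not set here. Supply it through the
  # VAULT_HSM_PIN environment variable so it stays out of the config file.
}

# The presence of this block activates external entropy support.
entropy "seal" {
  mode = "augmentation"
}
```

The entropy block alone does not change every mount: a secrets engine samples the external source only when it is enabled with external entropy access, for example with the `-external-entropy-access` flag of `vault secrets enable`.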

Auto Unseal

Auto Unseal was developed to reduce the operational complexity of keeping the unseal key secure. This feature delegates the responsibility of securing the unseal key from users to a trusted device or service. At startup, Vault connects to the device or service implementing the seal and asks it to decrypt the root key that Vault read from storage.

SECURITY AND PRIVACY FIRST

Highly secure, always keep your sensitive data private

DuoKey secures data everywhere while enabling customers, not cloud providers, to always maintain control of their encryption keys and their data.

SECURITY-FIRST

Granular Access Control Equals Robust Security

Granular access control provides strong authentication and authorizes individuals to access only the information they are allowed to use and see.

HashiCorp Vault by design can't secure its Master Key. We rely now on DuoKey for Vault to protect the Master Key via Seal-Wrap and MPC.

Senior Information Security Architect

See our supported Key Vault for storing your encryption keys

DuoKey for Office365 can leverage HSMs from industry vendors such as ATOS, Thales, Securosys and Entrust, and can also integrate our innovative MPC KmaaS powered by SEPIOR MPC.
