DuoKey for Vault
We have developed the DuoKey for HashiCorp Vault Enterprise integration, which greatly simplifies Vault administration. It is a must-have for any HashiCorp Vault Enterprise deployment within an organization storing its sensitive information inside Vault.
Built with Security and Privacy in mind

- Master Key Wrapping: The Vault master key is protected by transiting it through the DuoKey Vault MPC rather than having it split into key shares.
- Automatic Unsealing: Vault stores its encrypted master key in storage, and the key is decrypted only through authorized Vault access, which allows for automatic unsealing.
- Seal Wrapping: This provides FIPS 140-2 Level 2 conforming secret storage for Critical Security Parameters. Note that the DuoKey MPC Vault itself is classified by NIST as FIPS 140-3 Level 2.
- Entropy Augmentation: Vault Enterprise features a mechanism to sample entropy (or randomness for cryptographic operations) from external cryptographic modules through the Seals interface. While the system entropy used by Vault is more than capable of operating in most threat models, there are some situations where additional entropy from hardware-based random number generators is desirable.
DuoKey for Vault can harden existing as well as new HashiCorp Vault Enterprise deployments regardless of their current seal configuration.
DuoKey for Vault adds an extra layer of protection and is useful in some compliance and regulatory environments, including FIPS 140-2 environments.
Seal Wrap
Vault Enterprise features a mechanism to wrap values with an extra layer of encryption for supporting seals. This adds an extra layer of protection and is useful in some compliance and regulatory environments, including FIPS 140-2 environments.
Entropy Augmentation
Entropy augmentation enables Vault to sample entropy from external cryptographic modules. Sourcing external entropy is done by configuring a supported seal type; these include PKCS11 seal, AWS KMS, and Vault Transit. Vault Enterprise's external entropy support is activated by the presence of an entropy "seal" block in Vault's configuration file.
Auto unseal
Auto Unseal was developed to aid in reducing the operational complexity of keeping the unseal key secure. This feature delegates the responsibility of securing the unseal key from users to a trusted device or service. At startup, Vault connects to the device or service implementing the seal and asks it to decrypt the root key that Vault read from storage.
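The seal and entropy blocks described under Entropy Augmentation and Auto unseal, shown as an added configuration fragment (it is not DuoKey's or HashiCorp's shipped configuration). It assumes the PKCS11 seal type named above; the library path, slot and key labels are placeholders.

```hcl
# Constructed example fragment of a Vault Enterprise server configuration.
# All values below are placeholders, not DuoKey-specific settings.

# Auto unseal: at startup Vault asks the module behind this seal to decrypt
# the root key it read from storage, so no operator enters key shares.
seal "pkcs11" {
  lib            = "/path/to/vendor-pkcs11-library.so"  # placeholder path
  slot           = "0"                                   # placeholder slot
  key_label      = "vault-seal-key"                      # placeholder label
  hmac_key_label = "vault-seal-hmac-key"                 # placeholder label

  # The PIN is deliberately left out of this file. Supply it through the
  # VAULT_HSM_PIN environment variable so it does not sit on disk next to
  # the configuration.
}

# Entropy augmentation: the presence of this block activates sampling of
# entropy from the external module configured in the seal block above.
entropy "seal" {
  mode = "augmentation"
}
```

Keep the configuration file readable only by the account that runs Vault, since it identifies the key that protects the root key.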
Highly secure, always keep your sensitive data private
DuoKey secures data everywhere while enabling customers, not cloud providers, to always maintain control of their encryption keys and their data.
- Client-side encryption is always performed
- No third party can ever access your data
- Monitor who uses your keys
- Dedicated tenant and vault for storing your keys

Granular Access Control Equals Robust Security
Granular access control provides strong authentication and authorizes individuals to access only the information they are allowed to use and see.
HashiCorp Vault by design can't secure its Master Key. We rely now on DuoKey for Vault to protect the Master Key via Seal-Wrap and MPC.
Senior Information Security Architect
See our supported Key Vaults for storing your encryption keys
DuoKey for Office365 can leverage HSMs from industry vendors such as ATOS, Thales, Securosys and Entrust, and can also integrate our innovative MPC KmaaS powered by SEPIOR MPC.





