<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">

Services

@
Vault

CloudHSM for AWS

Managed hardware security module (HSM) for AWS

This service combines CloudHSM Economy 🔗 with a tailor-made XKS Proxy to generate and use your own encryption keys in the AWS Cloud.

Important: This service should not be confused with AWS CloudHSM

How it works

The XKS Proxy works as a docker image deployed between your AWS infrastructure and your HSMs in the Securosys cloud. Your keys are stored in your HSMs in the cloud. The XKS Proxy facilitates bidirectional forwarding of requests without accessing the cryptographic data.

Benefits and features

Easy deployment

The XKS Proxy can be quickly deployed in various architectures, including within an AWS VPC EC2 instance or as a public endpoint connection to AWS services for on-premises deployment.

Code transparency

You can review all software code and blueprints, ensuring peace of mind that neither AWS nor Securosys can access the plain view of your customer data.

Data sovereignty

Your HSM is responsible for encryption and decryption operations using your cryptographic key material. AWS KMS or the XKS proxy do not directly interact with your cryptographic data. Instead, all interactions are forwarded through the XKS proxy software that you manage.

Work with an open HSM built on industry standards

Securosys CloudHSM operates on a patented proprietary hardware and software architecture, meticulously crafted and sustained in-house, ensuring end-to-end control without any intermediaries.

Controllable "kill switch"

This incident response tool can deactivate the XKS proxy and stop any ongoing encrypt and decrypt operations utilizing XKS keys. AWS services that have previously loaded a data key into memory for one of your resources will persist in their functionality until you either deactivate the resource or the service key cache expires. 

No maintenance needed

The XKS Proxy is developed and maintained in-house by Securosys. Ensuring continuous updates and vigilance, it remains at the forefront of security standards, safeguarding your systems with the latest defenses.

Related services

CloudHSM Sandbox


A managed service providing a pre-production environment, the ideal for testing & proof-of-concepts. Easily integrate with your applications using industry-standard APIs.

CloudHSM for CyberArk Privileged Access Manager


A managed service to be integrated with the CyberArk Access Manager. Easily store and manage your cryptographic keys used for encryption and decryption of sensitive data, including passwords, access tokens, and other authentication credentials.

CloudHSM Economy


A fully managed HSM service that integrates with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extension (JCE), and Microsoft CryptoNG (CNG) libraries.

Getting started

Select a region for your HSM.

Europe (Germany/Switzerland)
clock_hex1b8d4c 1h

de01-api.cloudshsm.com

ch02-api.cloudshsm.com

North America (USA)
clock_hex1b8d4c 1h

us01-api.cloudshsm.com

us02-api.cloudshsm.com

Asia Pacific (Singapore)
clock_hex1b8d4c 1h

sg01-api.cloudshsm.com

Switzerland

clock_hex1b8d4c 1h

ch01-api.cloudshsm.com

ch02-api.cloudshsm.com

Global
clock_hex1b8d4c 1h

de01-api.cloudshsm.com

us01-api.cloudshsm.com

us02-api.cloudshsm.com

sg01-api.cloudshsm.com

Switzerland (Sandbox)

clock_hex1b8d4c 1h

ch01-api.cloudshsm.com

ch02-api.cloudshsm.com

Free trial

90 days
Proceed to the checkout to generate a pricing offer and adjust the VAT.

Pricing

You pay a monthly fee for the CloudHSM Economy (ECO) service. Rates vary by cluster.

The XKS proxy maintenance fee is included.

More resources

Documentation

Contact sales