We are pleased to announce the final portion of the official release of CipherTrust Cloud Key Manager (CCKM) Version 2.10.0 – CCKM support for AWS KMS External Key Store (XKS) Hold Your Own Key (HYOK).
In support of AWS re:Invent 2022 (28 Nov – 2 Dec), we delayed announcing the Thales CCKM integration with AWS KMS XKS which supports CipherTrust Manager (CM) and Luna Network HSM as external key stores.
Thales and AWS innovated to create a versatile, feature-rich HYOK implementation, providing customers with choices in managing their keys. The collaboration extends the existing key management ownership model of Bring Your Own Key (BYOK) with a Hold Your Own Key (HYOK) offer. With the integration of AWS XKS and CCKM, AWS customers can now choose to have data encrypted with keys physically located outside of the AWS Cloud. The externally stored keys are only accessible via explicit customer authorization.
The external key store (located on either CM or Luna Network HSM) and managed by CCKM contains the customer-managed HYOK keys and executes the cryptographic operations within the customers sovereign control.
AWS XKS supports most AWS services already integrated with AWS KMS.
The top takeaway is:
Thales launches CipherTrust Cloud Key Manager v2.10.0 integrated with the AWS External Key Store (XKS) which supports CipherTrust Manager and Luna Network HSM as external key stores.