Security + Simplicity

HSM-grade security with Software-defined simplicity

Self-Defending Key Management Service™

Fortanix Self-Defending Key Management Service (SDKMS) is the world's first cloud solution secured with Intel® SGX. With SDKMS, you can securely generate, store, and use cryptographic keys and certificates, as well as secrets, such as passwords, API keys, tokens, or any blob of data.

Designed for ease of use with security you control


SDKMS, the world’s first unified key management platform built on HSM-grade security, secures any KMS use case, including TDE, storage, multi-cloud and blockchain. SDKMS also delivers tokenization, secrets management and HSM, with central management, audit and control. Secured with Intel SGX and built for cloud scale and resiliency, SDKMS reduces threats and consolidates costs.


SDKMS provides virtually impenetrable security to your data, keys and secrets. Secured with Intel® SGX and built using Fortanix's patented Runtime Encryption® Technology, SDKMS runs every operation in HSM-grade security, ensuring complete control over your keys, data and secrets. Comprehensive audit logs give you insight into how secrets are being used, helping you meet compliance requirements.


SDKMS provides control of and visibility into your key management operations using a centralized web-based UI with enterprise level access controls and single sign-on support. Your business-critical applications and containers can integrate with SDKMS using traditional cryptographic interfaces (PKCS#11, KMIP and more) or its native RESTful interface.


SDKMS is built to scale horizontally and geographically as your demand for managing keys and secrets increases, while providing automated load balancing, fault tolerance, disaster recovery, and high availability. SDKMS can be deployed globally and in hybrid or multi-cloud environments.

Easy to get started

{
    "alg": "AES",
    "mode": "GCM",
    "iv": "4NAZhXu3aL+SsSaPI+kKPQ==",
    "ad": "RnJvbTogaW5mb0Bmb3J0YW5peC5jb20=",
    "plain": "c2VjcmV0IG1lc3NhZ2U=",
    "tag_len": 128
}

Use cases

Multi-Cloud Key Management

SDKMS enables you to make a secure and seamless transition to hybrid or multi-cloud. With unified HSM and Key Management capabilities and a scalable distributed architecture, SDKMS can service encryption for any application in any cloud.

Read blog on How to BYOK to the cloud

HSM as a Service, AWS, Azure, Google Cloud, IBM Cloud

Data at rest Encryption

SDKMS delivers scalable distributed key storage with auto key synchronization capabilities to address strong performance and availability requirements for the encryption of a distributed database, data lake or a data storage system. With SDKMS you can start small and grow as your data needs grow.

Read KB on How to Encrypt Oracle TDE

TDE, Database Encryption, Data Lake, Data Warehouse, IBM DB2, Oracle, Storage Encryption, MS SQL

Public Key Infrastructure (PKI)

SDKMS runs the entire key management inside HSM. No one other than the authorized user has access to the keys. SDKMS' scale-out distributed design ensures that it can scale to meet the rising demand for PKI fueled by Internet of Things (IoT), digital transformation and cloud-native applications.

Read KB on MS PKI

PKI, CA, Secure manufacturing, IoT, Code signing, Document signing

Network Security (SSL/TLS)

Scale-out distributed key storage helps organizations close the encryption gap with the ability to keep all the keys (not just master key) in the HSM trust boundary. SDKMS delivers end-to-end encryption such that no key is ever outside of the trust boundary when the key is in use in memory.

Read KB on Using SDKMS for Nginx TLS

Web Servers, VPN, Proxy, Nginx, Apache, SSL, TLS


SDKMS delivers unmatched security and availability for Blockchain private keys including support for powerful yet easy to use policies for multi-sig with quorum approval, and strong access control.

Read Solutions Brief on Blockchain Key Management

Blockchain, Private Keys, Multisig


SDKMS delivers unified Key Management and Hardware Security Module (HSM) capabilities to VMware virtualized environments. The solution offers easy integration via KMIP with vSphere VM Encryption and vSAN encryption to protect virtual machines and data-at-rest.

Read KB on VMware Encryption

VMware, Virtualization, vSphere, vSAN, Data at rest Encryption

Consumption model

Fortanix SDKMS can be consumed as a SaaS, dedicated managed tenant or on-premises appliance depending on your business, compliance or operational requirements.
