Key Management Service (KMS)

Data is the core asset of every enterprise, each of which has its sensitive data which needs to be encrypted and protected from a breach. The Key Management Service (KMS) of the Open Telekom Cloud is a secure, reliable, and easy-to-use cloud service that helps users create, manage, and protect keys in a centralized manner.

During implementation, the KMS uses hardware security modules (HSMs) for the professional management of key security. HSMs serve to handle encryption and decryption processes, while a dedicated API is used to access the service. The Open Telekom Cloud allows users a variety of functions, including the ability to deploy their own keys ("bring your own key", BYOK), or "grant customer master key", which allows owners of tenants to issue temporary permissions for access to encrypted data.

A computer chip with an imbedded padlock

Reasons for KMS in the Open Telekom Cloud

Icon of a hand pointing with slider toggles in the background

Easy Use

The KMS generates and stores public keys for accessing data in the Open Telekom Cloud and makes them available to the respective user. It combines the essential security requirements placed on a cloud with usability, as users can manage their keys directly via the console.

Icon of a shield protecting cloud servers

Secure Access

Secure access to your data and integration with other Open Telekom Cloud services is ensured. Cloud Trace (CTS) logs operations on keys and thereby helps fulfil audit and compliance requirements.

Icon of a server stack with joined puzzle pieces in the background

Seamless Integration

KMS can be integrated with OBS, EVS, IMS, and more, enabling a secure and easy data encryption. APIs are also supported, meaning you can call APIs to integrate the KMS into your data encryption applications.

Key Features of KMS

Male hands typing on a laptop with a hologram in the foreground displaying many apps.

BYOK

The Open Telekom Cloud allows users to deploy their own keys (bring your own key), giving you greater control over the creation and durability of your keys.

Icon of storage hardware with two clockwise turning arrows

Multiple Backups

The KMS stores customer master keys (CMKs) redundantly online, physically backs up root keys in multiple copies offline, and performs regular backups to ensure key persistence.

Icon of a key surrounded by a circular arrow

Lifecycle Key Management

Supports full management and lifecycle management of your keys (create, enable, disable, delete, import, rotate, and authorize keys).

Use Case: Temporary Data Access

KMS provides central management and control capabilities of keys for storage services (e.g. for Object Storage Service (OBS)), platform services (e.g. for Relational Database Service (RDS)), and user applications. It is perfectly suited for data encryption and decryption scenarios.

Temporary access rights to encrypted data for (temporary) external workforce
No further administration necessary with "Grant Master Key"
Addresses customer demands for higher security (e.g. protection of intellectual property, industry standards, inhouse regimes, etc.)
Underlines Open Telekom Cloud's security focus

New Features

03/28/2022Configure fine grained access rights for Key Management Service via IAMView Details

02/14/2023System-Disk encryption available in EU-NLView Details

10/11/2023KMS supports Sign & VerifyView Details

Don't want to miss any updates?Visit our portfolio roadmap and discover new services and updates.
Learn more

view all release notes

Find out more

Do you have any questions?

Are you interested in KMS or do you have any questions regarding KMS? I will be happy to answer your questions in a free consultation!
T-Systems International GmbH
Tino Fehnle

Salutation *

Ms. / Mrs.
Mr.
Mx.

Name *

Surname *

E-Mail *

Please enter your e-mail address correctly.

Company name

Country Dialing Code

Phone number

Your phone number seems to be incorrect. Please note it must contain at least four digits. Zeros at the beginning are not considered.

Your phone number seems to be incorrect. Please note that it must have a maximum of 26 characters.

Your phone number appears to be incorrect. Please note that only numbers from 0 to 9 can be used.

Your message

Please solve the security question. *

I consent to the processing of the data I have provided for promotional purposes in order to receive information/offers about products and services of T-Systems International GmbH and Telekom Deutschland GmbH directly by e-mail, letter, telephone, SMS or MMS. Within e-mails/newsletters, my personal usage behavior is registered and evaluated by T-Systems International GmbH and Telekom Deutschland GmbH so that new content and consulting can be better aligned with my personal interests. The consent I have already given remains valid. I can revoke my consent at any time by sending an e-mail to t-systems.marketing@t-systems.com. I have taken note of the information on the right of revocation and the privacy policy (www.t-systems.com/privacy-notice and https://www.telekom.de/datenschutzhinweise). * *

* required fields