Key Management

  • Hardware Security Modules (HSM): Integration with cloud-based or on-premises HSMs (e.g., AWS CloudHSM, Azure Key Vault) for secure generation, storage, and rotation of cryptographic keys.

  • Envelope Encryption: Implements envelope encryption for data at rest, where data encryption keys (DEKs) encrypt datasets and are themselves encrypted by a master key stored in the HSM.

  • Automated Key Rotation: Configurable rotation schedules for master and data keys, with rotation logs maintained in the Meta‑Data Catalog for auditability.
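The envelope-encryption and master-key rotation flow from the bullets above, as an added example in Node.js (not this product's code). `FakeHsm` is a hypothetical in-memory stand-in for the HSM, and the function names, record fields and the choice of AES-256-GCM are assumptions.

```javascript
const nodeCrypto = require('crypto');

// AES-256-GCM; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Authenticated decryption of seal() output; throws if the key or any byte is wrong.
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Hypothetical stand-in for the HSM (assumption): master keys stay private to
// this object, and callers can only ask it to wrap or unwrap a DEK.
class FakeHsm {
  #keys = [nodeCrypto.randomBytes(32)];
  get currentVersion() { return this.#keys.length - 1; }
  rotate() { this.#keys.push(nodeCrypto.randomBytes(32)); return this.currentVersion; }
  wrap(dek) { return { kekVersion: this.currentVersion, wrappedDek: seal(this.#keys[this.currentVersion], dek) }; }
  unwrap({ kekVersion, wrappedDek }) { return open(this.#keys[kekVersion], wrappedDek); }
}

// Encrypt a dataset under a fresh DEK; only ciphertext and the wrapped DEK are stored.
function encryptDataset(hsm, data) {
  const dek = nodeCrypto.randomBytes(32);
  const record = { ciphertext: seal(dek, data), ...hsm.wrap(dek) };
  dek.fill(0); // best-effort wipe of the plaintext DEK
  return record;
}

// Unwrap the DEK through the HSM, decrypt, then wipe the DEK again.
function decryptDataset(hsm, record) {
  const dek = hsm.unwrap(record);
  try { return open(dek, record.ciphertext); } finally { dek.fill(0); }
}

// Master-key rotation: rewrap the DEK under the current master key version.
// The dataset ciphertext is not re-encrypted.
function rewrap(hsm, record) {
  const dek = hsm.unwrap(record);
  try { return { ciphertext: record.ciphertext, ...hsm.wrap(dek) }; } finally { dek.fill(0); }
}
```

After `hsm.rotate()`, calling `rewrap(hsm, record)` moves a record to the new master key version; records not yet rewrapped still decrypt because their `kekVersion` selects the older key.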
