AWS BYOK Service

Secure your AWS services using your own (BYOK) keys

A Turn-Key BYOK Cloud Key Management Service


Need to generate and manage your own BYOK keys, but don’t know how? You came to the right place.

With Cryptomathic's AWS BYOK Service, we provide organizations with a secure service with HSMs (hardware security modules) that are under the sole logical control of Cryptomathic, dedicated only to BYOK for AWS applications.

Our AWS BYOK Service allows you to generate, push and manage your own keys within 10 minutes:

  • Set up a secure connection between the Cryptomathic AWS BYOK Service and AWS KMS
  • Generate keys and push them to AWS KMS

The service also gives you a 360-degree view of all your keys, including key-lifecycle information and user activity.



What is BYOK and do I need it?

AWS happily takes care of generating and managing all encryption keys for you when you use AWS services. However, many AWS clients are uncomfortable with leaving all keys in the hands of their hyperscaler, so AWS introduced the notion of BYOK: Bring Your Own Key.

The process is simple enough: Generate your own (symmetric) key and encrypt it using AWS’ public key. Then upload it to AWS KMS, set the permissions and you're done.
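The wrap step described above, as an added example (not Cryptomathic's or AWS's own code): it generates 256-bit key material and wraps it with RSA-OAEP/SHA-256 using `openssl`. A locally generated RSA-2048 key pair is a constructed stand-in for the wrapping public key that AWS KMS issues, so the script runs offline; the function and file names are assumptions.

```shell
#!/bin/sh
# Added example: wrap locally generated key material for import into AWS KMS.
# Against a real account the public key and import token come from KMS:
#   aws kms create-key --origin EXTERNAL
#   aws kms get-parameters-for-import --key-id <KEY_ID> \
#       --wrapping-algorithm RSAES_OAEP_SHA_256 --wrapping-key-spec RSA_2048
# and the wrapped blob goes back with:
#   aws kms import-key-material --key-id <KEY_ID> \
#       --encrypted-key-material fileb://wrapped.bin \
#       --import-token fileb://import_token.bin \
#       --expiration-model KEY_MATERIAL_DOES_NOT_EXPIRE

# Constructed stand-in for the KMS wrapping key (NOT issued by AWS).
make_standin_wrapping_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/standin_priv.pem" 2>/dev/null
    # KMS hands out the public key DER-encoded, so mirror that format.
    openssl pkey -in "$1/standin_priv.pem" -pubout -outform DER \
        -out "$1/wrapping_pub.der"
}

# Generate 32 bytes of symmetric key material and wrap it (RSAES_OAEP_SHA_256).
# Plaintext on disk is for the demo only; a production flow keeps it in an HSM.
wrap_key_material() {
    ( umask 077; openssl rand -out "$1/key_material.bin" 32 )
    openssl pkeyutl -encrypt -pubin -keyform DER -inkey "$1/wrapping_pub.der" \
        -in "$1/key_material.bin" -out "$1/wrapped.bin" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -pkeyopt rsa_mgf1_md:sha256
}

# Unwrap with the stand-in private key and confirm the material is unchanged.
# Only possible offline: the real KMS private key never leaves AWS.
roundtrip_ok() {
    openssl pkeyutl -decrypt -inkey "$1/standin_priv.pem" \
        -in "$1/wrapped.bin" -out "$1/unwrapped.bin" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -pkeyopt rsa_mgf1_md:sha256
    cmp -s "$1/key_material.bin" "$1/unwrapped.bin"
}

workdir=$(mktemp -d)
make_standin_wrapping_key "$workdir"
wrap_key_material "$workdir"
roundtrip_ok "$workdir" && \
    echo "wrapped blob: $(wc -c < "$workdir/wrapped.bin" | tr -d ' ') bytes"
rm -rf "$workdir"
```

The wrapped blob is always the size of the RSA modulus (256 bytes for RSA-2048), which is a quick sanity check before uploading.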

Our AWS BYOK Service frees you from the hassle of having to procure, set up, manage, patch and maintain your own key-generation and management infrastructure, which is resource-intensive and requires specialist know-how.


Security and Compliance

For security and control purposes, Cryptomathic provides hosted HSMs which are under our full logical control. They are operated out of Northern Europe, firmly within the EU in a SOC 2 data center.

Many organizations want to improve their compliance profile with regard to privacy and security frameworks where encryption and a degree of self-control are required. Examples include GDPR, HIPAA, PCI-DSS and others.

With the Cryptomathic BYOK as a Service solution you will be able to demonstrate compliance by downloading reports on the system and by documenting which keys were generated, when they were pushed and when any changes happened.