<img alt="" src="https://secure.weed6tape.com/193471.png" style="display:none;">
    Download Application Note

    Securosys XKS Proxy

    Welcome to Securosys XKS Proxy - Your key to enhanced data security on AWS

    The Securosys XKS Proxy empowers you with AWS External Key Store (XKS), a cutting-edge capability within AWS Key Management Service (KMS). This feature enables you to fortify your data protection in AWS using encryption keys stored securely inside Securosys on-premises Primus HSMs or Securosys managed HSM service (CloudsHSM) external to AWS.

    When you opt for AWS KMS External Key Store (XKS), you replace the KMS key hierarchy with a new, external root of trust, where all root keys are generated and safeguarded within the HSM you provide and operate. When AWS KMS performs encryption or decryption, it communicates with the Securosys HSMs via the Securosys XKS proxy, ensuring robust security throughout the process.

    Take charge of your AWS KMS keys with confidence, knowing that your cryptographic objects remain protected within the tamper-proof Securosys CloudsHSM or Primus HSM, away from the AWS cloud.

    How Securosys XKS Proxy Works

    Securosys XKS Proxy acts as the secure intermediary between AWS KMS and your Securosys Primus HSM or CloudsHSM. The Securosys XKS proxy never directly interacts with your HSM, and it cannot access, manage, or manipulate your keys. Instead, all communication between AWS KMS and your cryptographic objects is channeled through the Securosys XKS Proxy.

    Deploying the XKS proxy is simple and seamless, facilitated by the user-friendly Securosys XKS Proxy docker image. It can be downloaded from our Securosys support portal - please contact us if you are interested in learning more. You have the flexibility to deploy the XKS proxy within an AWS EC2 instance or directly within your own environment, giving you complete control over your encryption workloads.



    By integrating the Securosys XKS Proxy with your AWS KMS, you gain a multitude of benefits.

    Enhance data security with strong key control and digital sovereignty
    Your cryptographic keys reside outside of the AWS KMS cloud, ensuring that only you can decrypt protected content, guaranteeing AWS does not have access to your private keys.
    Meeting the highest compliance requirements
    Securosys CloudsHSMs and the FIPS140-2 Level 3 and CC EAL 4+ certified Primus HSM, empowers you to meet stringent compliance requirements. Our transparent approach allows you to review all software code and blueprints, providing peace of mind that neither Microsoft nor Securosys can access the plain view of your customer data.
    Quick and Easy deployment
    Swiftly deploy the Securosys XKS proxy, allowing you to focus on safeguarding your sensitive data rather than navigating through intricate setup processes.

    You'll find the Securosys XKS Proxy invaluable if you seek complete control over your sensitive data, need to maintain keys within geographical boundaries, or desire to move critical encryption workloads away from AWS and into the cloud. If you would like to know more, download the application note now.

    Choose Securosys XKS Proxy today and take charge of your AWS KMS keys with utmost confidence and security! 

    Alternatively, if you wish to enhance your AWS Key store by importing the master key, generated inside one of your Securosys CloudsHSM or on-premises Primus HSMs please visit Introducing Securosys AWS Bring Your Own Key.