Skip to main content
Google Cloud, AWS, and Azure logos
Your keys in your clouds
Entrust KeyControl provides Bring Your Own Key (BYOK) functionality for single or multiple cloud platforms, giving you flexibility, scalability, and complete control of your encrypted workloads in Amazon Web Services, Google Cloud Platform (coming soon), and Microsoft Azure.
view from above of man in server room looking down at laptop

Generate your encryption keys on-premises for use in the cloud

When encrypting workloads in the cloud, you want to know exactly where and how your cryptographic keys were created and have total control of them. But you can’t get that assurance with native cloud provider keys, and you can’t use those keys across multiple clouds.

With the BYOK functionality provided by Entrust KeyControl, you can create your encryption keys on-premises, back them up, and export them to the cloud securely.

Download our "Key Management in the Cloud" white paper for an overview of the key management lifecycle, and the options and best practices for key ownership, control, and possession in the cloud.

How It Works

KeyControl BYOK cloud encryption key

Benefits of KeyControl BYOK

personkey icon white
Complete Control

KeyControl BYOK provides full granular control and key lifecycle management for your keys across clouds, with a GUI tool – a single pane of glass.

gears icon white
Automated Efficiency

Automated key rotation, backups, and expiry actions simplify management and compliance with your security policies

cloudsecurity icon white
Ready to Integrate and Upgrade

KeyControl BYOK integrates seamlessly with optional nShield FIPS 140-2 Level 3 HSMs and can be upgraded with Entrust DataControl for a multi-cloud encryption solution.

KeyControl BYOK Resources

KeyControl for Virtualized Environments

KeyControl also provides key management for virtualized encrypted workload environments.

Contact Us

Our experts will contact you to discuss how our solution can meet your needs.