Overview
AWS Confidential Kubernetes
Confidential Computing (HYOK) addresses the growing need for secure cloud computing by enabling customers to maintain full control over their encryption keys!
Confidential Computing and HYOK: Encrypted AWS Kubernetes is a cutting-edge solution designed to provide unparalleled security for sensitive workloads in the cloud. This offering combines AWS Kubernetes with enclaive Virtual HSM to deliver robust encryption and secure key management, ensuring data protection at the highest level.
enclaive vHSM: secure, flexible and cost efficient
Protect your digital keys with enclaive's innovative vHSM solution! Our virtual hardware security modules offer a highly secure and scalable alternative to traditional HSMs.
Why enclaive vHSM?
- Security at the highest level, with confidential data protected by confidential computing!
- Full flexibility with seamless integration in cloud, on-prem and hybrid environments!
- Cost optimization with no need for expensive physical hardware, but maximum security!
- Powerful and scalable, perfect for dynamic IT security requirements!
Test now and optimize your key management!
Highlights
- Elasticity helps organizations optimize their spending. You pay for the resources you use, and you don't need to provision for peak loads all the time. This can result in cost savings because you're not maintaining and paying for resources that are underutilized during off-peak periods.
- Manage PKCS, EC, and PQ-ready cryptography in a way that allows flexibility and adaptability to changing NIST/BSI/NATO cryptographic standards and cryptanalytic breakthroughs.
- Scalability enables the automatic provisioning and de-provisioning of resources based on real-time demand. When the vHSM experiences increased traffic or workloads, it can automatically add more computing resources (like virtual machines) to handle the load. When the demand decreases, the resources are scaled down to save costs.
Details
Pricing
- $1,400.00/month
Vendor refund policy
Refunds may be considered under the following conditions: Technical Issues: If enclaive vHSM experiences technical issues or outages that are not resolved within a reasonable timeframe, customers may be eligible for a refund. Mistaken Purchases: If the service was purchased by mistake and the customer has not used it, a refund request can be made within 14 days of the purchase.
Delivery details
ECS delivery option
- Amazon ECS
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
bug fixes
Additional details
Usage instructions
Prerequisites
- Create IAM Role ecsTaskRole
  - Trust relationship: ecs-tasks.amazonaws.com
  - Managed Policies:
    - AWSMarketplaceMeteringFullAccess
    - AWSMarketplaceMeteringRegisterUsage
- VPC Configuration
  - Private subnet with internet access via NAT Gateway
  - Public subnet with automatic public IP assignment
  - Security group ecs-ec2-sec-group (inbound port 22)
  - Security group ecs-task-sec-group (inbound port 8200)
- ECS Cluster Setup
  - Launch type: Amazon EC2
  - Auto Scaling group: Select "Create new ASG"
  - Container instance AMI: AL2023
  - EC2 instance type: Choose one from the supported configurations
  - EC2 instance role: Select "Create new role"
  - SSH Key pair: Create a new key pair or use an existing one
  - Subnets: Public subnet
  - Security group: ecs-ec2-sec-group
Installation Steps
- Create Task Definition
  - Launch Type: Amazon EC2
  - OS/Architecture: Linux/x86_64
  - Network Mode: awsvpc
  - Task Role: ecsTaskRole
  - Task Execution Role: Select "Create new role"
  - Image URI: 709825985650.dkr.ecr.us-east-1.amazonaws.com/enclaive/virtualhsm:1.4.3-2b
  - Environment Variables: ENCLAIVE_LICENCE="<enclaive-vhsm-licence>"
  - Linux Capabilities: IPC_LOCK
  - Command: server -dev -dev-listen-address=0.0.0.0:8200
- Run ECS Task
  - Launch Type: EC2
  - Subnets: Private subnet
  - Security Group: ecs-task-sec-group
- Retrieve IP Address
  - Access the task details and retrieve the private IP address of the task's ENI.
- Save the IP Address
  - You'll need this IP to configure the vHSM CLI.
- Connect to the EC2 Instance
  - Use your SSH key pair and connect to the instance.
- Retrieve Credentials from Logs
  - Access container logs to get:
    - Unseal key
    - Root token
- Store Keys
  - Save the unseal key and root token; both are required to access the vHSM.
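The task definition from the installation steps above, written out as an ECS task-definition JSON that can be registered with the AWS CLI. This is an added example, not the vendor's own file: the image URI, environment variable, IPC_LOCK capability, command, port 8200, awsvpc network mode and ecsTaskRole come from the steps above, while the family and container names, the 1024 MiB container memory, the awslogs log group and the <account-id>, <task-execution-role> and <region> placeholders are assumptions to be replaced with your own values.

```json
{
  "family": "enclaive-vhsm",
  "requiresCompatibilities": ["EC2"],
  "networkMode": "awsvpc",
  "runtimePlatform": {
    "operatingSystemFamily": "LINUX",
    "cpuArchitecture": "X86_64"
  },
  "taskRoleArn": "arn:aws:iam::<account-id>:role/ecsTaskRole",
  "executionRoleArn": "arn:aws:iam::<account-id>:role/<task-execution-role>",
  "containerDefinitions": [
    {
      "name": "vhsm",
      "image": "709825985650.dkr.ecr.us-east-1.amazonaws.com/enclaive/virtualhsm:1.4.3-2b",
      "essential": true,
      "memory": 1024,
      "command": ["server", "-dev", "-dev-listen-address=0.0.0.0:8200"],
      "environment": [
        { "name": "ENCLAIVE_LICENCE", "value": "<enclaive-vhsm-licence>" }
      ],
      "linuxParameters": {
        "capabilities": { "add": ["IPC_LOCK"] }
      },
      "portMappings": [
        { "containerPort": 8200, "protocol": "tcp" }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/enclaive-vhsm",
          "awslogs-region": "<region>",
          "awslogs-stream-prefix": "vhsm"
        }
      }
    }
  ]
}
```

Register it with `aws ecs register-task-definition --cli-input-json file://vhsm-task.json`, then run the task in the private subnet with ecs-task-sec-group as described in the steps above; the awslogs configuration is what makes the unseal key and root token readable from the container logs in the "Retrieve Credentials from Logs" step.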
Production Configuration
For production configuration and hardening, refer to the enclaive documentation.
vHSM CLI
- Download the CLI: wget https://vhsm.enclaive.cloud/static/vhsm
- Configure the Vault client to talk to the dev server: export VAULT_ADDR='http://<task-eni-private-ip-address>:8200'
- vHSM CLI Documentation
Support
Vendor support
When you purchase enclaive vHSM, you can expect comprehensive technical support and enablement. Our dedicated team is here to assist you with any issues or questions you may have. For support, you can contact us via email at support@enclaive.io or use the contact form available on our website at www.enclaive.io. We are committed to ensuring you get the most out of our product.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.