CloudLink Center encryption key location and protector options

This topic provides information about the encryption key location and protector options in CloudLink Center.

Keystores

The term keystore refers to the combination of a key location and a key protector. Encryption keys are stored in a key location and are encrypted, or protected, by a key protector.

Key locations

CloudLink Center supports several options for the key location that is used to store encryption keys:

  • Local Database—An internal key location
  • Microsoft Active Directory—An external key location
  • Amazon S3—An external key location

    You must have an Amazon Web Services (AWS) account to use this location.

  • S3-compatible bucket—An external S3-compatible key location

Key protectors

CloudLink Center supports several options for encryption key protectors.

NOTE: The key protectors that are available depend on the selected key location.

  • CloudLink Vault—An internal key protector
  • SafeNet LunaSA—An external key protector using a hardware security module (HSM) for protection
  • Microsoft Azure or Azure Stack Key Vault—An external key protector using an Azure or Azure Stack Key Vault for protection
  • KMIP server—An external key protector using a Key Management Interoperability Protocol (KMIP) server for protection
  • Password—The encryption key is protected with a password.