CloudLink Center encryption key location and protector options This topic provides information about the encryption key location and protector options in CloudLink Center. Keystores The term keystore implies the combination of a key location and a key protector. Encryption keys are stored in a key location and are encrypted, or protected, by a key protector. Key locations CloudLink Center supports several options for the key location that is used to store encryption keys: Local Database—An internal key location Microsoft Active Directory—An external key location Amazon S3—An external key location You must have an Amazon Web Services (AWS) account to use this location. S3-compatible bucket—An external S3-compatible key location Key protectors CloudLink Center supports several options for encryption key protectors. NOTE: The type of available key protector depends on the selected key location. CloudLink Vault—An internal key protector SafeNet LunaSA—An external key protector using a hardware security module (HSM) for protection Microsoft Azure or Azure Stack Key Vault—An external key protector using an Azure or Azure Stack Key Vault for protection KMIP server—An external key protector using a Key Management Interoperability Protocol (KMIP) server for protection Password—The encryption key is protected with a password. Child TopicsBest practices for key location access control and backupThis topic provides information about the best practices for saving, backing up, and restoring CloudLink Center machine encryption keys. CloudLink Center key locationThis topic provides information about the key locations in CloudLink Center. CloudLink key protectorsA key protector is the protection mechanism used to encrypt and protect the volume or device encryption keys. Key protectors include: Parent topic Manage encryption keystores and keys in CloudLink CenterThis chapter provides information about the encryption keystores, keys, and managing them in CloudLink Center.