AiStor Logo

Key Management Server

Highly available, powerful and operationally simple, MinIO's Enterprise Key Management Server is optimized for large storage infrastructures where billions of cryptographic keys are required.

Key Management Server
Key Management Server

MinIO's AIStor KMS establishes its foundational trust using the concept of an hardware security module (but given KES is software, this is only a concept). That module assumes a pivotal role in sealing and unsealing the KMS root encryption key. The module responsibility extends to safeguarding the integrity of KMS by allowing the unsealing of its encrypted on-disk state and facilitating communication among nodes within a KMS cluster.

It solves the challenges associated with billions of cryptographic keys and hundreds of thousands of cryptographic operations per node per second - which are commonplace in larger deployments.

The MinIO AIStor KMS should be used in situations where an object-storage specific key management server is needed. This generally starts when there are millions of cryptographic keys to be managed.

High Availability and Fault Tolerance

High Availability and Fault Tolerance

In the dynamic landscape of large-scale systems, network or node outages are inevitable. Taking down a cluster for maintenance is rarely feasible. MinIO's AIStor KMS ensures uninterrupted availability, even when faced with such disruptions, mitigating cascading effects that can take down the entire storage infrastructure. Specifically, you could lose all but one node of a cluster and still handle any encryption, decryption or data key generation requests.

Predictable Behavior

Predictable Behavior

MinIO's AIStor KMS is designed to be easily managed, providing operators with the ability to comprehend its state intuitively. Due to its simple design, MinIO's AIStor KMS is significantly easier to operate than similar solutions that rely on more complex consensus algorithms like Raft, or Paxos.

Scalability

Scalability

While the amount of data usually only increases, the load on a large-scale storage system may vary significantly from time to time. MinIO's AIStor KMS supports dynamic cluster resizing and nodes can be added or removed at any point without incurring any downtime.

Consistent and Performant

Consistent and Performant

The responsiveness of the KMS for GET/PUT operations directly influences the overall efficiency and speed of the storage system. MinIO's AIStor KMS nodes don’t have to coordinate when handling such requests from the storage system. Therefore, the performance of a MinIO's AIStor KMS cluster increases linearly with the number of nodes. Further, MinIO's AIStor KMS supports request pipelining to handle hundreds of thousands of cryptographic operations per node and second.

Multi-Tenancy

Multi-Tenancy

Large-scale storage infrastructures are often used by many applications and teams across the entire organization. Isolating teams and groups into their own namespaces is a core requirement. MinIO's AIStor KMS supports namespacing in the form of enclaves. Each tenant can be assigned its own enclave which is completely independent and isolated from all other enclaves on the KMS cluster.

Simplicity

Simplicity

Operating a KMS cluster does not require expertise in cryptography or distributed systems. Everything can be done from the AIStor Console.

AIStor Logo
Key Management Server

FAQ

Key Management Server

Learn more

Solving Scale in Security: MinIO Key Management Server
Blog
Solving Scale in Security: MinIO Key Management Server
MinIO AIStor Feature Set
Blog
MinIO AIStor Feature Set
Blog
Introducing KES - Key Management at Scale

Contact Us

Send us an message by completing the form below. You can
also connect with us at hello@min.io
Ask an Expert

Chat directly with our engineering team about your KMS Questions

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Get started using

AIStor Logo
Ensure production success - across use cases and industries. Get Started

You are using Internet Explorer version 11 or lower. Due to security issues and lack of support for web standards, it is highly recommended that you upgrade to a modern browser.