# Vault

### Overview

#### Introduction

Enclaive Vault is a comprehensive solution for Cross Cloud Secret Management, unlocking the future of multi-cloud security. It centralizes key control outside the cloud, enhances data protection, and streamlines operations across diverse cloud platforms.

#### Challenges

Enclaive offers Europe's most fortified cloud ecosystem, ensuring unmatched security and confidentiality for applications and data. It provides a cost-effective solution with the best price/performance ratio on the market.

#### Benefits

* **Confidentiality:** All environments are confidential by design, leveraging cutting-edge hardware-graded security.
* **Ease of Use:** Configuring the environment of choice is simplified with just a few clicks.

### Features

#### Elasticity

Efficiently adjust resource scaling to flexibly accommodate fluctuating demands without excessive allocation.

#### Multi Cloud Support

Vault is versatile, supporting deployment in various cloud or on-premises environments—ideal for hybrid, confidential, and cross-cloud architectures.

#### Hardware-Graded Security

Establish trust in the hardware foundation by selecting the CPU, TPM, or HSM as the anchor and source of randomness.

#### Crypto Agile

Handle PK, EC, and PQ cryptography with adaptability to evolving NIST/BSI/NATO standards and breakthroughs.

### Identity and Access Management

#### Authentication Methods

Identify users with authentication methods, ranging from username/password to SSO.

#### Cloud Platform IAM Integration

Integrate with cloud platform IAMs (AWS, Azure, GCP) for seamless user management.

#### JSON Web Tokens

Instantiate workloads and services with JSON web tokens, enabling fine-grained access control based on roles or groups.

### Key Management

#### Credential Safeguarding

Enhance security by safeguarding credentials, certificates, and keys without impeding development.

#### Cryptographic Algorithms

Access NIST/BSI standardized cryptographic algorithms for encryption, decryption, digital signatures, and secure key management.

#### Certificate Authority

Establish a Certificate Authority for issuing, renewing, and revoking digital certificates for various purposes.

### Secret (De-)Provisioning

#### Encrypted Disk Volumes

Manage the keys that securely encrypt disk volumes for enhanced security.

#### SSH Key Management

Simplify the management of SSH keys for secure access control.

#### User Passwords in Databases

Refresh user passwords in SQL, NoSQL, and vector databases, ranging from MariaDB, Postgres, and MongoDB to Redis.

### HSM Support

#### Linking to HSM

Link the security of Vault to a hardware security module for added protection.

#### Unsealing Vault Secrets

Unseal vault secrets stored in physically protected storage for secure access.

#### Entropy Generation

Generate entropy from a physical source of randomness to enhance overall security.

{% content-ref url="<https://app.gitbook.com/o/u3yTMU8vRj5QnT6MPkEF/s/ZAOyClhisJhRvjIxLjXP/>" %}
[Vault](https://app.gitbook.com/o/u3yTMU8vRj5QnT6MPkEF/s/ZAOyClhisJhRvjIxLjXP/)
{% endcontent-ref %}
