Key management service for symmetric and asymmetric keys, certificates, and other secret material — pluggable backends include software KMS, HSM via PKCS#11, Vault, and KMIP-compliant appliances. Equivalent to AWS KMS / Azure Key Vault / Cloud KMS in the cross-provider mapping
FluffyStack toolsJurisdictional exposure
Sub-services (3)
Secrets
Generic secret store covering keys, certificates, passphrases
Orders
Async key-generation requests with HSM backends
Containers
Grouped secrets (e.g. certificate + private key + chain)
Tags
Equivalent services on other platforms
Create and manage cryptographic keys for encryption at rest and in transit with AWS-managed, customer-managed, and imported keys, automatic rotation, and FIPS 140-2 validated HSMs
Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement
Cloud-hosted key management for encryption at rest with symmetric and asymmetric keys, customer-supplied keys, HSM-backed keys, and automatic rotation
Unified cryptographic services including Key Management Service for envelope encryption, Cloud Secret Management Service for secret storage and rotation, Key Pair Service for SSH key management, and Dedicated HSM for FIPS 140-2 Level 3 workloads
Centralised key and secret management service with HSM-backed symmetric and asymmetric keys, automatic rotation, and envelope encryption for OCI resources
Managed cryptographic key service with customer master keys (CMKs), envelope encryption for Tencent services, automatic and manual rotation, imported key material (BYOK), Managed HSM for single-tenant FIPS 140-2 Level 3 compliance, and audit logging via CloudAudit