eskm stage safe door
The most interoperable and integrated Key Manager

Enterprise Secure Key Manager (ESKM)

The most interoperable and integrated Key Manager

eskm appliance frontal
  • Securing capacity of more than 2 million keys for at least 25,000 clients and thousands of ESKM nodes
  • Software included
  • Available for different security levels: FIPS 140-2 Level 1, Level 2, Level 3 and Level 4
Key Benefits

Key Benefits


Unprecedented Capacity

Capacity to manage more than 2 million keys, over 25,000 clients and thousands of ESKM hardware or virtual appliances.


Out-of-the box Software

Use ESKM right out of the box due to the pre-installed, digitally signed software which is verified for immediate use.


Fitting FIPS Certification Level

Choose the right level of FIPS certification for the business from four options.



Secure Keys for Data at Rest, in Use, and in Motion – Fully FIPS Certified

Every organization has customer and employee data that must be protected. ESKM guards against organized attacks, misuse, and data breach exposure which can result in the loss of sensitive data, as well as harm a company’s reputation and brand.

Encryption is easy, however securing and managing the cryptographic keys in a clear and transparent manner may be difficult, but not impossible. ESKM secures keys and provides centralized key management, saving time and money.

ESKM is the first industry-certified Key Management Interoperability Protocol (KMIP) v2.1 offering with market leading support for partner applications and pre-qualified solutions, integrating out-of-the-box with varied deployments, as well as custom integrations.

Key Control and Management through a single pane of glass

  • Controls and manages all keys for auditing controls with digitally signed logs and key lifecycle activities
  • Reduces audit costs and accelerates visibility

Streamlining Data and Processes

  • Unified enterprise key management
  • Reliable policy controls
  • Centralized administration and audit trails to assist in control attestation

Easy Deployment and Simple Licensing

  • Install, configure and simply drop in ESKM as hardware or as a virtual application.
  • Access transparent client licensing, without hidden costs attached to volume of keys or scalability

Hardware-based Security on highest level

  • Locking front bezel and dual pick-resistant locks provides security officers with dual control
  • Security hardened Linux-based server appliance; designed as a FIPS 140-2 Levels 1, Level 2, Level 3 and Level 4 cryptographic module
  • Supports mirrored internal storage, dual networks, dual power, and redundant cooling
  • Provides a terminal interface (serial RS-232C) and VGA for initial installation setup

Included Software for easy use

  • Allows comprehensive monitoring, recovery, scheduled backups, and log rotations, restore functionality
  • Web browser GUI and Command Line Interface supported
  • Supports (among others): AES, 3-Key Triple DES, HMAC, RSA, and ECDSA key types
  • Provides SNMP alerts and SIEM log monitoring
  • Provides TLS and SSH for secure administrator remote access

Fulfills various compliance requirements

  • Designed for NIST SP 800-131A and FIPS 140-2 Levels 1, Level 2, Level 3 and Level 4 requirements
  • Certificate-based mutual client-server authentication, secure administration, and audit logging
  • Common Criteria Evaluation Assurance Level (EAL 2+) certified
  • Conforms with KMIP 1.0 through 2.1 specifications
  • Performs automatic key replication, client load balancing, and fail-over
  • Embedded Local Certificate Authority as an option to protect keys in transit

Single and centralized root of trust

  • Stores the keys used for cryptographic functions by using the foundation on which all secure operations (including key retrieval of vESKM) depend upon
  • Enables an inherently trusted ecosystem

Portfolio Support

  • Further protection of keys at rest by integration of the Utimaco CryptoServer LAN HSM
  • Full integration of vESKM (virtual appliance with FIPS 140-2 Level 1) or ESKM L2 (hardware appliance with FIPS 140-2 level 2) with the UTIMACO GP Hardware Security Module: CryptoServer LAN V5
  • Integration of ESKM L3 and L4 with embedded CryptoServer PCIe card

Robust Scalability and High Availability

  • Geographically separates clusters across datacenters
  • Thousands of clients, thousands of virtual or hardware appliances and millions of keys are supported
  • Highly redundant hardware and failover

Convenient Administration

  • Configuration and automated keys replication through active-active cluster
  • Allows for hands-off administration
  • Performs automated backups and audit logging

Most Interoperable

  • Support for partner applications and pre-qualified solutions through the first industry-certified Key Management Interoperability Protocol (KMIP)
  • OASIS KMIP allows communication with clients for key management operations on cryptographic material, including symmetric and asymmetric keys, certificates and templates
  • Streamlines security policies with a single approach for consistent controls and compliance audits through moving to KMIP
  • Both time and cost effective - a single system to learn, control, maintain and audit, as well the ability to integrate new applications without having to reinvest in management
  • Avoid vendor lock-in and outdated technology
  • Enforces best practices with universal, automated key lifecycle controls

Custom Integrations and Scaled Deployments

  • ESKM is a trusted key manager to safeguard mission critical application keys to support custom use cases with open client libraries such as OpenKMIP and PyKMIP
  • Implements auto-registration with its native XML based KMS protocol
  • Supports the widest client integrations in the industry

Integrates with largest HPE ecosystem and third-party applications

  • ESKM KMIP Integrations (BDT, Bloombase, Brocade, Cryptosoft, ETI-Net, Fornetix, Hitachi Vantara, IBM DB2, MongoDB, NetApp, OpenStack community, Project 6 Research, Quantum, Spectra Logic, Suse, Vmware, ZettaSet)
  • HPE Security and Storage Solutions (Helion (OpenStack Barbican + HPSE), MF Autonomy (Connected MX Backup/Recovery), Nimble, NonStop, Secure Encryption (Proliant/smart array controller), SimplyVity/Hyper Converged, StoreEver, StoreEver Tape Library, StoreOnce, StoreServe 3PAR, XP, XP Storage)

Lower your costs and scale key management with Virtual Enterprise Secure Key Manager (vESKM)

  • A virtual appliance is easily deployed
  • For high availability
  • Easy expansion within an existing environment
  • Centralizes cryptographic processing, security policies and key management in a FIPS 140-2 Level 1 compliant platform
  • Easily implement a virtual key management strategy.

CryptoServer LAN V5

The general-purpose Hardware Security Module as network-attached appliance for the use in data centers. Designed to handle the most common business applications.

Find more details













Contact us

We look forward to answering your questions.

Our Partners

Look for the best implementation or distribution partner for your project.

Get in touch with us

Talk to one of our specialists and find out how Utimaco can help you today.