SignetStack Labs
Confidential-Computing Key Management

Signet KMS™

Enclave-isolated keys, multi-tenant, post-quantum-aware.

Overview

Signet KMS is the portfolio-wide, post-quantum-aware key-management service: a multi-tenant KMS whose most sensitive operations run inside a confidential-computing enclave, so plaintext key material never leaves a hardware-isolated boundary. Every caller is bound to its own tenant by mutual TLS, sensitive operations can require M-of-N quorum approval, keys can be federated across organisations, and every operation emits a signed, four-layer attestation bundle.

Capabilities

What it delivers

01

Enclave-isolated operations

A TEE worker models the Nitro Enclave boundary: key unwrap, re-seal and HMAC happen inside it, and plaintext key material never crosses the enclave.

02

KEK / DEK / signer managers

Key-encryption keys, data-encryption keys and signing keys, sharded per tenant for hard isolation.

03

mTLS tenant binding

Mutual TLS with a certificate SAN URI bound to the tenant, so a caller can only ever reach its own keys.

04

Quorum & federation

M-of-N quorum approval for sensitive operations, plus cross-organisation key federation.

05

Per-operation attestation

Every operation emits a four-layer signed bundle (identity, policy, decision, commitment) for independent audit.

06

Confidential cloud or on-prem

Deploys to AWS Nitro, Azure Confidential and GCP Confidential VMs, or an on-prem PKCS#11 HSM.
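
As an added illustration of the tenant-binding check described under capability 03 (example code, not Signet KMS's own; the `urn:signet:tenant:<id>` SAN URI form and the function names are assumptions), this enforces that the tenant named in the caller's client certificate matches the tenant that owns the requested key, using the peer-certificate dict shape Python's `ssl.SSLSocket.getpeercert()` returns:

```python
import hmac

# Assumed (hypothetical) form of the tenant URI carried in the client certificate's
# URI SAN; the real Signet KMS naming scheme is not documented on this page.
TENANT_URI_PREFIX = "urn:signet:tenant:"


class TenantMismatch(PermissionError):
    """Caller's certificate is not bound to the tenant that owns the requested key."""


def tenant_from_peercert(peercert: dict) -> str:
    """Extract the tenant ID from the URI SAN of an mTLS peer certificate.

    `peercert` has the shape returned by ssl.SSLSocket.getpeercert():
    {"subjectAltName": (("URI", "..."), ("DNS", "..."), ...), ...}.
    Exactly one tenant URI is required: none means an unbound caller,
    several means an ambiguous binding, and both are refused.
    """
    uris = [value for kind, value in peercert.get("subjectAltName", ()) if kind == "URI"]
    tenant_uris = [u for u in uris if u.startswith(TENANT_URI_PREFIX)]
    if len(tenant_uris) != 1:
        raise TenantMismatch(f"expected one tenant URI SAN, found {len(tenant_uris)}")
    tenant = tenant_uris[0][len(TENANT_URI_PREFIX):]
    # Reject empty or oddly formed IDs so a bare prefix never matches any tenant.
    if not tenant or not all(c.isalnum() or c == "-" for c in tenant):
        raise TenantMismatch(f"malformed tenant ID in SAN: {tenant!r}")
    return tenant


def authorize_key_access(peercert: dict, key_tenant: str) -> str:
    """Return the caller's tenant if it owns the key's shard; raise otherwise (exact match)."""
    caller = tenant_from_peercert(peercert)
    if not hmac.compare_digest(caller.encode(), key_tenant.encode()):
        raise TenantMismatch(f"tenant {caller!r} may not reach keys of tenant {key_tenant!r}")
    return caller


def can_access(peercert: dict, key_tenant: str) -> bool:
    """Boolean wrapper for policy code that prefers a decision over an exception."""
    try:
        authorize_key_access(peercert, key_tenant)
        return True
    except TenantMismatch:
        return False


# Constructed sample peer-certificate dicts (not real certificates).
CERT_ACME = {"subjectAltName": (("URI", "urn:signet:tenant:acme"), ("DNS", "svc.acme.internal"))}
CERT_NO_URI = {"subjectAltName": (("DNS", "legacy.internal"),)}
CERT_TWO_TENANTS = {"subjectAltName": (("URI", "urn:signet:tenant:acme"),
                                       ("URI", "urn:signet:tenant:globex"))}

if __name__ == "__main__":
    print(can_access(CERT_ACME, "acme"), can_access(CERT_ACME, "globex"), can_access(CERT_NO_URI, "acme"))
```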

Standards & alignment

What it speaks

Confidential computing
AWS Nitro / Azure / GCP
mTLS · per-tenant
FIPS 140-3 algorithm map
Post-quantum-aware

Status, stated honestly

K-1 alpha (v0.1.0-alpha): core key managers, the mutual-TLS REST surface, the confidential-computing worker, quorum/federation and per-operation attestation are implemented; FIPS-mode operation and SOC 2 Type I scoping are in preparation and not yet certified.
Part of the Signet Data Trust Network Platform, built on Signet Core and the platform's shared cryptographic foundation.
