Amazon Web Services External Key Store (XKS)

AWS External Key Store (XKS) is a new capability in AWS Key Management Service (KMS) that allows customers to protect their data in AWS using encryption keys held inside CipherTrust Manager or Luna Network HSMs external to AWS.


  • Move critical workloads to the cloud
  • Maintain sovereign control of sensitive data
  • Gain strong key control and security

Obtain digital sovereignty and meet compliance requirements.

  • Using CipherTrust Cloud Key Manager (CCKM)
  • Hold keys outside of AWS to align with the shared responsibility model
  • With CCKM’s single pane of glass, manage AWS Native, AWS CloudHSM, BYOK, and HYOK keys
  • Choose between industry-leading CipherTrust Manager or Luna Network HSM as a key source

Integrate CipherTrust Cloud Key Manager with AWS XKS

Video Source: Thales CPL

CipherTrust Cloud Key Manager (CCKM), which is a licensed component of the CipherTrust Manager, delivers key generation, separation of duties, reporting, and key lifecycle management to help fulfill internal and industry data protection mandates. FIPS 140-2 Level 3 certification available.​​

Enabling Agencies To:

  • Maximize choice from a single console, manage Native, BYOK, HYOK keys across clouds
  • Demonstrate compliance with privacy regulations
  • Improve operational sovereignty to protect against internal and external bad actors
  • Reduce threat surface by centralizing control of keys outside of cloud providers
  • Increase efficiency and reduce costs by simplifying key management
  • Faster time to value by speeding up migration to the cloud


CipherTrust Cloud Key Management Solutions for Amazon Web Services Solution Brief
CipherTrust Cloud Key Manager Product Brief