CipherTrust Manager

CipherTrust Manager offers the industry leading enterprise key management solution enabling organizations to centrally manage encryption keys, provide granular access control and configure security policies. CipherTrust Manager is the central management point for the CipherTrust Data Security Platform. It manages key lifecycle tasks including generation, rotation, destruction, import and export, provides role-based access control to keys and policies, supports robust auditing and reporting, and offers developer friendly REST API.

CipherTrust Manager is available in both virtual and physical form-factors that integrate with FIPS 140-2 validated Thales TCT Luna T-Series and third-party Hardware Security Modules (HSMs) for securely storing master keys with highest root of trust. These appliances can be deployed on-premises in physical or virtualized infrastructures and in public cloud environments to efficiently address compliance requirements, regulatory mandates and industry best practices for data security. With a unified management console, it makes it easy to set policies, discover and classify data, and protect sensitive data wherever it resides using the CipherTrust Data Security Platform products.

CipherTrust Manager Diagram
  • Centralized key management for multiple on-premises data stores and cloud infrastructures
  • Reduced risk with unified data discovery, classification and sensitive data protection
  • Simplified management with self-service licensing portal and visibility into licenses in use
  • Cloud friendly deployment options with support for AWS, Azure, Google Cloud, VMware, Oracle Cloud Infrastructure and more
  • Support for superior key control with Thales TCT’s T-Series HSM
  • Unparalleled partner ecosystem of integrations with leading enterprise storage, server, database, application and SaaS vendors


Simplifies management of encryption keys across their entire lifecycle, including secure key generation, backup/restore, clustering, deactivation, and deletion. It makes automated, policy-driven operations easy to perform, and generates alarms for events of interest.


Provides a unified console for discovering and classifying sensitive data integrated with a comprehensive set of CipherTrust Data Protection Connectors to encrypt or tokenize data to reduce risk and satisfy compliance regulations


Unifies key management operations with role-based access controls and provides full audit log review. Authenticates and authorizes administrators and key users using existing AD and LDAP credentials.


Provides capabilities required to create multiple domains with separation of duties to support large organizations with distributed locations.


Offers new REST interfaces in addition to KMIP and NAE-XML APIs, for developers to simplify deployment of applications integrated with key management capabilities and automate testing and development of administrative operations.


Includes tracking of all key state changes, administrator access, and policy changes in multiple log formats (RFC-5424, CEF, LEEF) for easy integration with SIEM tools.


CipherTrust Manager can use Thales TCT’s Luna T- Series HSMs as root of trust. Meeting government mandates for U.S. Supply Chain, the high-assurance, tamper-resistant Luna T-Series HSMs are designed, developed, manufactured, sold, and supported in the United States. CipherTrust k160 uses a removable FIPS 140-2 certified token or high assurance token as a root of trust.

Virtual Appliances Physical Appliances
Features k170v k470v k160 k570*
Administrative Interfaces Management Console, REST API, kscfg (system configuration), (ksctl (Command Line Interface)
Network Management SNMP v1, v2c, v3, NTP, Syslog-TCP
Security Authentication Local User , AD, LDAPS, Certificate based authentication, Supports Open ID Connect (OIDC)
System Formats RFC-5424, CEF, LEEF
Supported HSMs for Root of Trust Luna Network HSM, Luna T-Series Network HSM, Luna Cloud HSM, AWS Cloud HSM, Azure Dedicated HSM, IBM Cloud HSM, IBM Cloud Hyper Protect Crypto Services Cloud HSM Removable token HSM using either a FIPS 140-2Certified Token or High Assurance Token Embedded FIPS 140 Level 3 & CNSS approved Luna T-series HSM
Maximum Number  of Keys Tested up to 1M Keys (more possible with appropriately sized virtual environments) Tested up to 1M Keys (more possible with appropriately sized virtual environments) Maximum capacity of 10,000 symmetric keys.

Maximum of 100 keys using concurrent connections.

1 Million Keys
Maximum Domains (multi-tenancy) 100 1000 100 1000

CipherTrust Manager Physical Appliance

k160 k570
Dimensions 6.5” x 4.0” x 1.5” (165.1mm x 101.6mm x 38.1mm) 19” x 21” x 1.725” (482.6mm x 533.4mm x 43.815mm)
Hard Drive 1x 128GB mSATA SSD SE 1x 2TB SATA SE (Spinning Disk)
CPU Atom E3845 Processor SoC Xeon E3-1275v6 Processor
NIC Support 1x 1GB 4x1GB or 2x10Gb/2x1Gb (NIC Bonding capable)
Rack Mount Standard 1U shelf mount can be optionally purchased (can house up to two k160s) Standard 1U rack mountable
Sliding rails can be optionally purchased
Power External power supply included, locking DC connector Dual hot swappable power supplies
Safety and Compliance FCC, CE CSA C-US,  FCC, CE, VCCI, C-TICK, KC Mark, BIS
Mean Time Between Failure 170,869 hours 153,583 hours
FIPS Support Removable FIPS 140-2 Token or High Assurance Token HSM Embedded FIPS 140 Level 3 & CNSS approved Luna T-series HSM

CipherTrust Manager Virtual Appliance

k170v k470v
System Requirements
  • RAM (GB): 16
  • Hard Disk (GB): 100
  • NICs: 1 or more
  • CPUs: up to 4 CPU max
  • RAM (GB): 16 or more
  • Hard Disk (GB): 200 or more
  • NICS: 2 or more
  • CPUs:5 or more
Clouds/Hypervisors Supported
  • Public Clouds: AWS Cloud, Microsoft Azure, Google Cloud Enterprise (GCE), Oracle Cloud Infrastructure (OCI)
  • Private Clouds/Hypervisors: VMware vSphere (6.5, 6.7 and 7.0), Microsoft Hyper-V, Nutanix AHV, OpenStack (QCOW2)
  • AWS GovCloud, Azure Government Cloud also supported

*Thales TCT can also offer CipherTrust k470 physical appliance. CipherTrust k470 offers the same features and specifications as CipherTrust k570 but does not include an embedded HSM. CipherTrust k470 utilizes an external FIPS Certified Physical or Cloud HSM as secure root of trust.

Advanced data protection for AWS S3 with CipherTrust Transparent Encryption Solution Brief
Amazon Web Services (AWS)
AppViewX and Thales Trusted Cyber Technologies Luna Network HSM Solution Brief
Avoiding Amazon S3 Data Leaks with Scalable Encryption and Access Controls Solution Brief
Best Security Practices for milCloud Data Migration Solution Brief
Blue Prism
CipherTrust Cloud Key Management Solutions for Amazon Web Services Solution Brief
CipherTrust Cloud Key Manager Product Brief
CipherTrust Data Discovery and Classification Walkthrough
CipherTrust Data Protection Gateway Product Brief
CipherTrust Data Security Platform Data Sheet
CipherTrust Data Security Platform Self Guided Tour
CipherTrust Encryption key management solutions for Microsoft® SQL Server® and Oracle® Database Solution Brief
CipherTrust Live Data Transformation Product Brief
CipherTrust Manager k160 Product Brief
CipherTrust Manager k570 Product Brief
CipherTrust Manager Product Brief
CipherTrust Platform Community Edition
CipherTrust Security Intelligence Product Brief
CipherTrust Teradata Protection Solution Brief
CipherTrust Transparent Encryption for Kubernetes Product Brief
CipherTrust Transparent Encryption for Teradata Vantage Solution Brief
CipherTrust Transparent Encryption Product Brief
CM7 Network Manager Product Brief
CN4010 Product Brief
CN4020 Product Brief
CN6010 Product Brief
CN6100 Product Brief
CN6140 Product Brief
CN9120 Product Brief
Cohesity and KeySecure for Government
CTERA Enterprise File Services Platform and Thales TCT CipherTrust Manager Solution Brief
CTO Sessions On Demand: Are You Quantum Ready?
CTO Sessions On Demand: Best Practices for Data in Transit Encryption
CTO Sessions On Demand: Data Protection at the Edge
CTO Sessions On Demand: Preventing Ransomware in Microsoft 365 Environments
CTO Sessions On Demand: Protecting Your Data in Their Cloud (On Demand Webcast)
CTO Sessions On Demand: Securing the Convergence of HPC and AI in the Enterprise
CTO Sessions: Taking Control of 2023’s Top Tech Trends
CV1000 Product Brief
Cyber EO Compliance Video Series – Part 2 – Multi-Factor Authentication
Cyber EO Compliance Video Series – Part 3 – Data at Rest Encryption
Cyber EO Compliance Video Series – Part 4 – Data in Transit Encryption
Cyber EO Compliance Video Series – Part 5 – Securing Cloud Deployments
Cyber EO Compliance Video Series – Part 6 – Implementing a Zero Trust Architecture
Data Discovery & Classification Product Brief
Data Discovery & Classification Solution Brief
Data Protection Solutions for the Edge Solution Brief
Dell and Thales TCT Integration Brief
Dell EMC
Dell Technologies and Thales Delivering Secure & Dfficient storage
DoD STIG Compliance Virtualization-Based Security – External Key Management Solution Brief
eBook: Encrypt Everything
eBook: High Speed Ethernet WAN
eBook: Ryuk: Everything You Need to Know About the Ransomware Targeting U.S. Governments & Government Agencies
Enterprise Key Management for NetApp Solution Brief
Enterprise Key Management Solutions for KMIP Clients, TDE and LUKS Solution Brief
Entrust and Thales TCT HSMs Solution Brief
Google Cloud
Hewlett Packard Enterprise (HPE)
HID ActiveID and Thales TCT Luna Network HSM Solution Brief
HID Global
Hitachi Vantara
How Ransomware attacks leverage unprotected RDPs Solution Brief
How to Integrate UiPath with Thales TCT’s Luna Credential System
HPE 3PAR StoreServ and Thales CipherTrust Manager
HPE servers and storage with Thales CipherTrust Data Security Platform Solution Brief
Industry Insight: Supply Chain Risk Management
Infographic: CipherTrust Data Security Platform Infographic
Infographic: Luna Credential System
Information Security Corporation (ISC)
Integrated Data Discovery and Classification with Enhanced Protection Product Brief
Introduction to Thales’ CipherTrust Enterprise Key Management Solutions
ISC and Thales TCT HSM Solution Brief
KeySecure G160 Product Brief
KeySecure G350v Product Brief
KeySecure G460 Product Brief
Klas Telecom Government
Luna as a Service Solution Brief
Luna Credential System & UiPath RPA: Addressing Federal CAC/PIV Requirements with PKI Authentication
Luna Credential System Product Brief
Luna Credential System Video
Luna G5 for Government HSM Product Brief
Luna HSMs for Commercial Solutions for Classified (CSfC) Solution Brief
Luna Network HSM Product Brief
Luna PCI-E for Government HSM Product Brief
Luna PCIe HSM Product Brief
Luna SA for Government Product Brief
Microsoft Azure Advanced Data Protection Solution Brief
Multi-Factor Authentication for CipherTrust Transparent Encryption
NetApp and Thales TCT Solution Brief
Network Encryption Family Overview Brief
Nutanix and Thales TCT Solution Brief
On Demand Master Class: Zero Trust Beyond the Buzzword
On Demand Webinar – Intelligence Community: Cyber Security is National Security
On Demand Webinar: Best Practices for Cloud Data Protection
On Demand Webinar: Best Practices for Data Visibility
On Demand Webinar: Building a Root of Trust to Secure the Most Sensitive Data
On Demand Webinar: Complementing Splunk: Balancing Big Data Benefits & Big Risks
On Demand Webinar: Fireside Chat: Data Protection for Multi-Domain Operations
On Demand Webinar: Getting to Compliance with the National Security Memo on Cybersecurity
On Demand Webinar: How To Issue Hardware-Based Identity Credentials To Software Robots
On Demand Webinar: No-Excuse Defenses Against Supply Chain Attacks
On Demand Webinar: Rapid Protection for Teradata Database and Big Data Environments
On Demand Webinar: Shifting the Mindset from “Breach Prevention” to “Acceptance”
On Demand Webinar: The Key Pillars for Protecting Sensitive Data
Palo Alto Networks
Panasas PanFS and Thales TCT CipherTrust Manager Solution Brief
Ping Identity
Product Demo: Protecting AWS S3 Buckets: AWS KMS vs Transparent Encryption COS S3 from Thales
Protecting Data with Thales CipherTrust Manager and Dell EMC PowerEdge Server
Protecting Data with Thales Key Management and Dell EMC VxRail HCI System
Quantum Enhanced Keys Solution Brief
Red Hat
Redhat and Thales TCT Solution Brief
Research Study: Security Weaknesses in Data in Motion Identified in Cybersecurity Survey
Robotic Process Automation Industry Insight
RPA Cryptographic Authentication — Thales TCT and Blue Prism
SafeNet Authentication Service Private Cloud Edition Product Brief
SafeNet IDPrime 930 and 930nc Product Brief
SafeNet IDPrime PIV
Securing Infoblox DNSSEC Implementations with Thales TCT’s Luna Network HSM Solution Brief
Securing UiPath Credential Stores with Luna Vault Solution Brief
Security Management Center Product Brief
sKey3250 Product Brief
Smart Card 650 Product Brief
Solution Brief: Data Protection Solutions for the Edge
Solution Brief: Votiro + Office 365
SureDrop Product Brief
Thales Authentication Family Brief
Thales High Speed Encryption Solutions Family Overview
Thales IDPrime FIDO 2.0 Smartcard Demo
Thales TCT and Splunk Solution Brief
Thales TCT HSM Product Family Overview Brief
Thales TCT Luna Hardware Security Solutions for Microsoft Certificate Services
Thales TCT Solutions for the NSM on Improving Cybersecurity of NSS Solution Brief
Thales TCT Solutions for White House Executive Order on Cybersecurity
Thales TCT: Protecting the Most Vital Data from the Core to the Cloud to the Field
Thales Trusted Cyber Technologies Product Overview
Thales Trusted Cyber Technologies Solutions for Continuous Diagnostics and Mitigation DEFEND
Top 10 Reasons CipherTrust Intelligent Protection will Protect Your Data & Reduce Your Risk
Top 10 Reasons for Protecting Your Organization with CipherTrust Data Security Platform
Top 5 Ways to Comply with the White House EO on Cybersecurity – Part 1 – Setting the Stage
UiPath RPA Cryptographic Authentication with Luna Credential System
Video: CipherTrust Data Discovery & Classification
Virtual CipherTrust Manager Product Brief
VMware and Thales Deliver Secure Hyper-Converged Infrastructure Solution Brief
VMware and Thales Deliver Secure Virtual Machine Encryption Solution Brief
VMware and Thales TCT Integration Brief
Vormetric Data Security Platform Product Brief
Votiro + Office 365 Solution Brief
Votiro Secure File Gateway for Email
Votiro Secure File Gateway for Web Applications
Votiro Secure File Gateway vs Secure Email Gateway Solution Brief
White Paper: Best Practices for Cloud Data Protection and Key Management
White Paper: Best Practices for Cryptographic Key Management
White Paper: Best Practices for Implementing the White House Executive Order on Improving the Nation’s Cybersecurity Infrastructure
White Paper: Best Practices for Secure Cloud Migration
White Paper: Best Practices for Securing Network Function Virtualization Environment
White Paper: CipherTrust Data Security Platform Architecture
White Paper: CipherTrust Transparent Encryption
White Paper: CJIS Data-in-Transit Encryption Standards
White Paper: Continuous Diagnostics and Mitigation: Data Protection & Assurance
White Paper: Data Protection at the Edge
White Paper: Ethernet WAN Solutions Compared
White Paper: High Assurance Encryption for Healthcare Network Data
White Paper: High Speed Encryption Solutions Across MPLS Networks
White Paper: HIPAA Compliance Checklist
White Paper: Key Management
White Paper: MACsec for WAN and High Assurance Encryptors
White Paper: Malicious Macros
White Paper: Network Independent Encryption
White Paper: NIST 800-53 Mapping to CipherTrust Data Security Platform
White Paper: NIST 800-57 Recommendations for Key Management Requirements Analysis
White Paper: NIST Cybersecurity Framework and Ransomware Prevention Guidance Mapping
White Paper: Own and Manage Your Encryption Keys
White Paper: Prevent Ransomware Attacks from Disrupting Your Agency with the CipherTrust Platform
White Paper: Roots of Trust
White Paper: Secure Multicast Transmission
White Paper: Securing Network-Attached HSMs
White Paper: Securing SD-WAN
White Paper: Securing the Keys to the Kingdom with Splunk and Thales
White Paper: Splunk and Thales Industry Standard Protection for Your Log Data
White Paper: Thales TCT Solutions for CMMC
White Paper: The Case for Centralized Multicloud Encryption Key Management
White Paper: The Importance of KMIP Standard for Centralized Key Management
White Paper: The Key Pillars for Protecting Sensitive Data in Any Organization
White Paper: Top Five Ways to Address Requirements in National Security Memo on Improving Cybersecurity of National Security Systems
Zero Trust Solutions from Thales TCT Solution Brief