Store those keys haphazardly and they could fall into the wrong hands. Or, you simply might lose track of what key goes to what service (at which point, you might as well have lost the key). What if you’re a developer and you need some sort of vault to hold encryption key secrets that can then be linked to deployed services? What do you do?
You might consider an encryption key manager. These are different from password managers, because, in some cases, they actually function in the background to interact with various applications and services that depend on those keys. Of course, if you only need the means to securely store those keys so that you can manually retrieve them later, you could opt to make use of a simple password manager.
But we want more.
Ergo, I have five such tools, each of which does an outstanding job of storing, protecting and (in some instances) using your encryption keys as needed.
Let’s dig into these applications and services to see which one might be the perfect match for your needs or company.
HashiCorp Vault
HashiCorp Vault is a powerful tool for storing credentials, passwords and various types of secrets (including encryption keys) that you can then safely use in your container deployments. If you’re serious about the security of your containers, HashiCorp Vault should most certainly be on your radar. With HashiCorp Vault you can create and secure access tokens, passwords, certificates and encryption keys in such a way as to help you find the necessary balance between locked-down security and usability.
With HashiCorp Vault your developers will also save time, because they won’t have to struggle to find a reliable way to manage the secrets they use in their deployments and when connecting services to third-party APIs. HashiCorp Vault helps you increase security across clouds and apps, across your entire IT landscape, with hundreds of integrations. With the ability to generate 10,000+ unique tokens daily, your teams can also use HashiCorp Vault to make automation a reality. HashiCorp Vault can be used for free (with the open-source, self-managed version), or you can opt for the managed Cloud plan (starting at 3 cents an hour) or the Enterprise plan (contact sales for information).
Seahorse
Seahorse is an open-source tool, found on many a Linux distribution, that makes creating, storing and managing encryption keys as user-friendly as it comes. Seahorse can work with SSH keys, GPG keys, passwords and certificates, all from within a GUI that makes every step of the process simple. Store multiple keys (of each type), sign them, and even sync your keys with remote keyservers.
The one caveat to using Seahorse is that you have to be careful to ensure the keyring is locked when the tool is not in use (otherwise anyone can view your stored passwords). Seahorse also allows you to import keys from a file and export keys to a file. Seahorse is free to use and is found pre-installed on many Linux distributions. Seahorse is not available for either macOS or Windows.
ManageEngine Key Manager Plus
If you’re looking for a web-based SSH and SSL certificate management solution, ManageEngine Key Manager Plus could very well solve this oft-convoluted problem. This platform makes it easy to consolidate, control, manage, monitor and audit your SSH keys and SSL certificates. If your business depends on a large number of SSL keys, across an entire IT landscape of servers, you owe it to your administrators to empower them with the tools to make the management of those keys effortless.
ManageEngine Key Manager Plus can be installed on a local server or you can opt for a hosted plan. Either way, you’ll get real-time dashboards to keep tabs on your keys, reports, schedules and even auditing tools. ManageEngine Key Manager Plus can be used for free as a trial, but you’ll soon have to pay up for a license, so you’ll have to contact the company to receive a quote.
Google Cloud Key Management
With Google Cloud Key Management you can enjoy scalable, centralized cloud key management that can deliver compliance and privacy and help bolster the security of your company. This service allows you to use hardware security modules (HSMs), and to approve or deny any request for your encryption keys based on the justification given for the request.
With Google Cloud Key Management you can also use your own managed keys to control the encryption of data across all Google Cloud products. The Google platform allows you to generate, use, rotate and destroy AES256, RSA 2048, RSA 3072, RSA 4096, EC P256 and EC P384 cryptographic keys, so it could easily serve the majority of your encryption key management needs. The price for Google Cloud Key Management is $3 per active key.
GnuPG
If you’re looking for a local, command-line-only tool to manage your encryption keys, GnuPG is the de facto standard. With this tool, you can manage key pairs with ease (adding, signing, deleting, revoking and editing). GnuPG is a free implementation of the OpenPGP standard (as defined by RFC 4880); it can encrypt and sign files and even integrates into many email clients for the encryption of your communications.
GnuPG comes pre-installed on most Linux distributions and is also available for macOS and Windows (via Gpg4win). GnuPG has been around since 1997, so its reputation for being one of the more trusted implementations of PGP is well earned.