Thales banner

Amazon Web Services External Key Store (XKS)

Obtain digital sovereignty and meet compliance requirements.

  • Using CipherTrust Cloud Key Manager (CCKM)
  • Hold keys outside of AWS to align with the shared responsibility model
  • With CCKM’s single pane of glass, manage AWS Native, AWS CloudHSM, BYOK, and HYOK keys
  • Choose between industry-leading CipherTrust Manager or Luna Network HSM as a key source
CipherTrust Manager Key Management
Win the connected and autonomous car race while protecting data privacy and intellectual property - eBook

Join "The Keys to Sovereignty in the Cloud" Webinar

Our presenter Romain Deslorieux, Thales Director of Strategic Partnerships will discuss "The Keys to Sovereignty in the Cloud".

360° Cloud Security for 2023

Watch the Webinar

Integrate CipherTrust Cloud Key Manager with AWS XKS

AWS External Key Store (XKS) is a new capability in AWS Key Management Service (KMS) that allows customers to protect their data in AWS using encryption keys held inside CipherTrust Manager or Luna Network HSMs external to AWS.


  • Move critical workloads to the cloud
  • Maintain sovereign control of sensitive data
  • Gain strong key control and security
Transparent Encryption

CipherTrust Cloud Key Manager (CCKM), which is a licensed component of the CipherTrust Manager, delivers key generation, separation of duties, reporting, and key lifecycle management to help fulfill internal and industry data protection mandates. FIPS 140-2 Level 3 certification available.​​

Enabling Organizations To:

  • Maximize choice from a single console, manage Native, BYOK, HYOK keys across clouds
  • Demonstrate compliance with privacy regulations such as GDPR, Shrems II, PCI-DSS, CCPA
  • Improve operational sovereignty to protect against internal and external bad actors
  • Reduce threat surface by centralizing control of keys outside of cloud providers
  • Increase efficiency and reduce costs by simplifying key management
  • Faster time to value by speeding up migration to the cloud
CipherTrust Manager Key Management
t systems

Varying data protection regulations across countries have presented a challenge for global organisations migrating to the cloud. The CipherTrust Cloud Key Manager simplifies this challenge and ensures we remain compliant while taking advantage of all the benefits of leveraging cloud services. The ability to lean on Thales’ solution has become especially important, as we, and other organisations, increasingly rely on multi-cloud environments.”

Heleen Herselman

VP AWS Powerhouse at T-Systems Cloud Service

CipherTrust Cloud Key Management Solutions for Amazon Web Services

Cloud Key Management solutions for AWS can accelerate the ability of organizations to safely migrate sensitive data between AWS and on-premises infrastructures.

CipherTrust Cloud Key Management

Amplify the benefits of your native keys. CipherTrust Cloud Key Management (CCKM) respects your choice to use native keys, while providing the opportunity to expand your key ownership models to include BYOK and HYOK. CCKM centralizes key management for Native, BYOK and HYOK cloud keys from a single browser window, across multiple clouds, regions, accounts, subscriptions, projects, applications, org ids and more.

Deploy the Free Community Edition on AWS Marketplace