Access a secure, application-friendly, and cloud-based key management solution.

IBM Db2 on Cloud now offers integration with IBM Key Protect—accessible through the Db2 on Cloud console—so you can upload, change, and manage private encryption keys in one place. Key Protect is a cloud-based security service that provides lifecycle management for encryption keys that are used in IBM Cloud or customer-built applications. Key Protect provides roots of trust (RoT) backed by a hardware security module (HSM).

How it works

With the Key Protect service, Db2 on Cloud will provide your business control over its keys. Db2 on Cloud will use the keys in Key Protect to encrypt the password used to open the local key store. The password for the local key store will be encrypted using the key protect key. Whenever the key store needs to be opened, the encrypted password in the stash file will be decrypted by making the REST calls to the Key Protect API. 

Control encrypted data in the cloud

Import your own root of trust encryption keys (CRKs) into Key Protect using the Key Protect API to wrap and unwrap the keys associated with your data resources.

Cloud-based HSM protection

Your keys are wrapped in other encrypted keys protected by a cloud-based HSM. The HSMs are at FIPS-140-2 Level 2. All programmatic interfaces are secured by TLS and mutual authentication. Deleted keys and data under those deleted keys are never recovered.

Application independence

Key Protect’s APIs generate, store, retrieve, and manage keys independent of your application’s logic. This enables you to create applications that encrypt data in custom databases or use encrypted block storage in an application-specific format.

Get started

It’s as easy as 1-2-3:

  1. Create or import a key in the Key Protect service on IBM Cloud.
  2. Grant a service authorization for the Db2 service instance to access the Key Protect service instance.
  3. On the Db2 console, select the key to be used and gain complete control.

Key features

  1. Complete self-service options to manage your keys in the IBM Cloud UI or through the Key Protect API, to grant/revoke access service authorization on the IBM Cloud UI, and to select/change the key on the Db2 console.
  2. Key rotation per your security schedule.
  3. Full access to the Key Protect service after migrating your instance to resource groups.

Start using Key Protect through the Db2 on Cloud console today. You can manage a single key or millions of keys.

Visit the Key Protect service page to learn more about how you can more effectively manage your encrypted keys through the cloud.

More from Analytics

How IBM Data Product Hub helps you unlock business intelligence potential

4 min read - Business intelligence (BI) users often struggle to access the high-quality, relevant data necessary to inform strategic decision making. These professionals encounter a range of issues when attempting to source the data they need, including: Data accessibility issues: The inability to locate and access specific data due to its location in siloed systems or the need for multiple permissions, resulting in bottlenecks and delays. Inconsistent data quality: The uncertainty surrounding the accuracy, consistency and reliability of data pulled from various sources…

Watsonx.data introduces support for a suite of modern dataops tools

2 min read - We’re excited to announce that IBM® watsonx.data™ now supports a powerful suite of tools for the modern dataops stack: data-build-tool, Apache Airflow, and VSCode. With data build tool (dbt) compatibility for both Spark and Presto engines, automated orchestration through Apache Airflow, and an integrated development environment via VSCode, watsonx.data offers a new set of rich capabilities. These features empower teams to efficiently build, manage and orchestrate data pipelines. The challenge of complex data pipelines Organizations today face the challenge of…

IBM Planning Analytics: The scalable solution for enterprise growth

5 min read - Companies need powerful tools to handle complex financial planning. At IBM, we've developed Planning Analytics, a revolutionary solution that transforms how organizations approach planning and analytics. With robust features and unparalleled scalability, IBM Planning Analytics is the preferred choice for businesses worldwide. We’ll explore the aspects of IBM Planning Analytics that set it apart in the enterprise performance management landscape. We delve into its architecture, scalability and core technology, highlighting its data handling capabilities and modeling flexibility.We'll also showcase its…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters