Access a secure, application-friendly, and cloud-based key management solution.

IBM Db2 on Cloud now offers integration with IBM Key Protect—accessible through the Db2 on Cloud console—so you can upload, change, and manage private encryption keys in one place. Key Protect is a cloud-based security service that provides lifecycle management for encryption keys that are used in IBM Cloud or customer-built applications. Key Protect provides roots of trust (RoT) backed by a hardware security module (HSM).

How it works

With the Key Protect service, Db2 on Cloud gives your business control over its keys. Db2 on Cloud uses a key held in Key Protect to encrypt the password that opens the local key store, and the encrypted password is kept in the stash file. Whenever the key store needs to be opened, the encrypted password in the stash file is decrypted through REST calls to the Key Protect API.
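The stash-file flow described above, sketched as an added example (not IBM's code and not the Key Protect API): `StandInKeyService` is a constructed local model with an HMAC-based stand-in cipher in place of the HSM, and every name in it is hypothetical. It shows that the stash file carries only the wrapped password, so opening the key store depends on the root key and the service authorization still being in place.

```python
import base64, hashlib, hmac, json, secrets

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(root, nonce, data):
    # Stand-in cipher: XOR with an HMAC-SHA256 keystream (the real wrap runs in the HSM).
    enc = _mac(root, b"enc")
    stream = b"".join(_mac(enc, nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class StandInKeyService:
    """Constructed local model of a key service; not the Key Protect API."""
    def __init__(self):
        self.root_keys, self.grants = {}, set()

    def _root(self, caller, key_id):
        if (caller, key_id) not in self.grants:
            raise PermissionError("no service authorization for this key")
        return self.root_keys[key_id]  # KeyError once the root key is deleted

    def wrap(self, caller, key_id, plaintext):
        root, nonce = self._root(caller, key_id), secrets.token_bytes(16)
        body = _xor_stream(root, nonce, plaintext)
        tag = _mac(_mac(root, b"mac"), nonce + body)
        return base64.b64encode(nonce + tag + body).decode()

    def unwrap(self, caller, key_id, blob):
        root, raw = self._root(caller, key_id), base64.b64decode(blob)
        nonce, tag, body = raw[:16], raw[16:48], raw[48:]
        if not hmac.compare_digest(tag, _mac(_mac(root, b"mac"), nonce + body)):
            raise ValueError("stash entry was not wrapped under this key")
        return _xor_stream(root, nonce, body)

def write_stash(kms, caller, key_id, keystore_password):
    # The stash file holds the wrapped password and the wrapping key's id, nothing else.
    wrapped = kms.wrap(caller, key_id, keystore_password)
    return json.dumps({"key_id": key_id, "wrapped_password": wrapped})

def open_keystore(kms, caller, stash_json):
    # Every open goes back to the key service, so a revoked grant blocks the next open.
    stash = json.loads(stash_json)
    return kms.unwrap(caller, stash["key_id"], stash["wrapped_password"])

def try_open(kms, caller, stash_json):
    try:
        return open_keystore(kms, caller, stash_json)
    except (PermissionError, KeyError) as exc:
        return type(exc).__name__
```

In this model, `try_open` returns `PermissionError` once the grant is discarded and `KeyError` once the root key is deleted; the stash file alone never yields the password.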

Control encrypted data in the cloud

Import your own root of trust encryption keys (CRKs) into Key Protect using the Key Protect API to wrap and unwrap the keys associated with your data resources.

Cloud-based HSM protection

Your keys are wrapped in other encrypted keys protected by a cloud-based HSM. The HSMs are at FIPS 140-2 Level 2. All programmatic interfaces are secured by TLS and mutual authentication. Deleted keys and data under those deleted keys are never recovered.

Application independence

Key Protect’s APIs generate, store, retrieve, and manage keys independent of your application’s logic. This enables you to create applications that encrypt data in custom databases or use encrypted block storage in an application-specific format.

Get started

It’s as easy as 1-2-3:

  1. Create or import a key in the Key Protect service on IBM Cloud.
  2. Grant a service authorization for the Db2 service instance to access the Key Protect service instance.
  3. On the Db2 console, select the key to be used and gain complete control.

Key features

  1. Complete self-service options to manage your keys in the IBM Cloud UI or through the Key Protect API, to grant/revoke access service authorization on the IBM Cloud UI, and to select/change the key on the Db2 console.
  2. Key rotation per your security schedule.
  3. Full access to the Key Protect service after migrating your instance to resource groups.

Start using Key Protect through the Db2 on Cloud console today. You can manage a single key or millions of keys.

Visit the Key Protect service page to learn more about how you can more effectively manage your encrypted keys through the cloud.
