Unified Key Orchestrator for Containers

Unified Key Orchestrator for Containers provides efficient and security-rich centralized key management.

It includes:

  • A central repository. All keys are stored in a central repository with metadata such as activation dates and usage. By storing all key material in a central repository, backup can be easily achieved by including the database in existing database backup procedures. This facilitates easy recovery if keys are lost.
  • Enhanced workflow. By employing automated, semi-automated, and bulk key management processes, workflow can be improved to enable your organization to effectively manage high key volumes.
  • Policy-based key generation. Keys are generated based on key templates that determine the attributes of keys, allowing keys to be consistently created on demand. The NIST key state model is supported.
  • Security-rich key generation. Key generation takes place within the IBM cryptographic coprocessor where keys are generated with a random number generator.
  • Role-based access control. The UKO access control system is role-based and controls the access to functions. The security administrator can define functions that are available for each role and assign users to these roles.
  • Dual control. UKO roles can be configured to require that two or more persons be involved to generate, activate, and distribute keys, thus providing dual control for critical operations.
  • Audit logging. Every important activity is logged in a central repository.