IBM Cloud Hyper Protect Crypto Services
Cloud data encryption that’s protected by a dedicated cloud hardware security module and enables multicloud key management
Get started Try a tutorial
A man with glasses working on a computer.
What is Hyper Protect Crypto Services?

Hyper Protect Crypto Services is a single-tenant, hybrid cloud key management service. Unified Key Orchestration, a part of Hyper Protect Crypto Services, enables key orchestration across multicloud environments. Hyper Protect Crypto Services is built on FIPS 140-2 Level 4 certified hardware (link resides outside, the highest level in the industry.

  • Keep your own key: exclusive encryption key control
  • Manage security policies and orchestrate across multicloud environments from a single point of control (UKO)
Unified Key Orchestration: easy multicloud key management

Securely managing AWS S3 encryption keys with Hyper Protect Crypto Services and Unified Key Orchestration

Read the blog post
Key control

Retain complete control of your data encryption keys.

Data and digital-asset security

Use the FIPS 140-2 Level 4 hardware security module.

Compliance support

Strengthen regulatory compliance with access controls.

Unified Key Orchestration

Manage keys in a hybrid multicloud world.

Created to protect digital assets Access the highest level of security. Lifecycle management for keys

A GUI and a REST API track keys as they progress. Deleted data is no longer retrievable, regardless of the application that stored it.

Read documentation
Encryption for IBM Cloud services

IBM Cloud services can integrate with this product. Expect a common-key-provider API for a consistent approach in IBM Cloud adoption.

Read documentation
Multicloud key management

Extend protection across cloud deployments. Manage all keys in one place, with added protection and simplicity.

Read the documentation
Security certification

The service is built on FIPS 140-2 Level-4-certified hardware—the highest offered by any cloud provider in the industry.

Read documentation
HSM control

Single-tenant, dedicated HSMs are controlled by you. IBM Cloud administrators have no access.

Read documentation
Key ceremony

Take ownership of HSM. IBM is the first to provide cloud command-line interface (smart cards) for the HSM key ceremony.

Read documentation


Get started with this crypto product Experience the creation and key ceremony for IBM Cloud Hyper Protect Crypto Services. Watch the demo (03:56)

IBM Cloud Hyper Protect Crypto Services Protect Data in Azure and MS Office with IBM Cloud Hyper Protect Crypto Services with Unified Key Orchestration Watch the video (15:22)

This product and IBM Cloud for VMware Explore an overview of IBM Cloud® Hyper Protect Crypto Services for VMware. Watch the demo (02:04)

Integrate: IBM Cloud Object Storage Learn how to protect IBM Cloud® Object Storage using Hyper Protect Crypto Services. Watch the video (05:36)

Get started Provision the service

Create an instance of the service and get started.

Initialize the HSM

Initialize your instances first.

Manage keys and encrypt data

Use a key management service and perform cryptographic operations.

Use promo code HPCRYPTO30 to get two crypto units at no charge for 30 days.

Get started

VMware is a registered trademark of VMware, Inc. or its subsidiaries in the United States and/or other jurisdictions.