IBM Unified Key Orchestrator for Containers
Centralized enterprise key management for streamlining the orchestration of the lifecycle of encryption keys
Explore documentation
Person on laptop showing UKO for Containers login screen

Simplify encryption key lifecycle management

IBM Unified Key Orchestrator for Containers (UKO for Containers) empowers enterprises to centrally manage the full lifecycle of encryption keys across hybrid and multicloud environments. Designed to support the modern needs of highly regulated industries such as finance, healthcare and government, UKO for Containers unifies key management under a single pane of glass—simplifying policy enforcement, enhancing visibility and reducing operational complexity. 
Unified key orchestration across platforms

Orchestrate the lifecycle of keys from a centralized interface using a shared mental model—regardless of keystore location or cloud provider.
Multicloud key management at scale

Push and manage encryption keys across IBM Cloud, Microsoft Azure, AWS and Google Cloud using UKO for Containers multicloud-ready architecture.
Centralized key backup and recovery

Mitigate risk of key loss with a secure, central backup repository and one-click recovery of key material.
Stronger compliance and access control

Leverage robust access governance, detailed auditing and integration-ready APIs to meet internal policies and regulatory standards.

Features

Unified key orchestration

Orchestrate the full key lifecycle—including generation, storage, distribution, rotation, revocation and destruction—through UKO for Containers single-pane interface. Keys are created using IBM LinuxONE crypto express cards based on predefined policy templates.

 Managing vaults, templates, keystores and managed keys
External RESTful APIs

Easily integrate UKO for Containers with your business workflows through secure, RESTful APIs. Automate key lifecycle operations and tie into existing compliance and orchestration systems with ease.

 Managing your keys with the key management API
Access governance

Ensure granular control with role-based access, privilege separation and vault isolation. These controls help meet enterprise-grade security and compliance demands for cryptographic systems.

 UKO for Containers user roles
Auditability

Monitor key management operations in real time. Detailed audit logs capture events across the key lifecycle, supporting internal reviews and regulatory audits.

 Auditing events in UKO for Containers

Use cases

Multicloud key management

Standardize your key management across multiple cloud providers including IBM Cloud, Azure, AWS and GCP. UKO for Containers unified model enables consistency and security across all environments.
Microsoft double key encryption

Support Microsoft 365 with Double Key Encryption, where one key remains in your control while the other resides in Azure. This ensures stronger data privacy and regulatory compliance.
z/OS key management

UKO for Containers enables centralized control of z/OS® keys via UKO for z/OS. Manage datasets and key material on IBM Z® and LinuxONE from one platform, simplifying hybrid environment encryption.
Consolidate crypto with ACSP

Pair UKO for Containers with the Advanced Crypto Service Provider (ACSP) to enable crypto over the network. Leverage IBM LinuxONE HSMs to centralize and strengthen cryptographic operations across your distributed environment.
Integrate with IBM Security GKLM

Integrate with IBM Security® Guardium Key Lifecycle Manager through APIs. Use UKO for Containers to generate master keys on hardware crypto and handle encryption/decryption of storage keys securely and on demand.
Take the next step

Discover centralized enterprise key management for streamlining the orchestration of the lifecycle of encryption keys with IBM Unified Key Orchestrator for Containers.
More ways to explore Documentation Support Lifecycle services and support Community