eskm stage safe door
The most interoperable and integrated Key Manager in the Market

Enterprise Secure Key Manager

The most interoperable and integrated Key Manager in the Market

  • Single pane of glass of all cryptographic keys
  • Unprecedented Capacity
  • Multi-Cloud capability
  • Compliance with all FIPS Levels
  • Integration Versatility

Delivery Time:

About 2-4 weeks
Key Benefits

Key Benefits


Central Key Management and Control

Provides a single pane of glass of all cryptographic keys, complete with digitally signed logs and key lifecycle activities, reducing audit costs, enhancing visibility, and accelerating operational efficiency.


Unprecedented Capacity

Provides capacity for >2 million keys, >25,000 clients, and thousands of ESKM nodes per distributed cluster


Highest Level of Security on the Hardware Level

FIPS 140-2 Level 1, Level 2, Level 3, and Level 4 (physical) compliant architecture. Embedded Utimaco GP HSM for highest local key protection.



Utimaco's Enterprise Secure Key Manager (ESKM) offers organizations of all sizes a superior solution for key storage and management capabilities, delivering high security and compliance. It enables unified enterprise key management with reliable policy controls, centralized administration, and comprehensive audit trails. This streamlines operations, reduces costs, and assists in control attestation. 

Secure and Manage your Keys for Data at Rest and Data in Use – Fully FIPS-certified

Every organization has customer and employee data that must be protected. By securing the cryptographic keys used to encrypt the data, ESKM guards against attacks, misuse, and data breach exposure which can result in the loss of sensitive data, as well as harming a company’s reputation and brand.

In addition, ESKM provides centralized key management through a single pane of glass, saving time and money for organizations of all sizes.

ESKM is the first industry-certified Key Management Interoperability Protocol (KMIP) v2.1 offering with market leading support for partner applications and pre-qualified solutions, integrating out-of-the-box with varied deployments, as well as custom integrations.

Cloud Integrations and BYOK

ESKM integrates with all major Cloud Service Providers to help organizations transition to the cloud securely. With the BYOK (Bring Your Own Key) concept, enterprises encrypt their own data while retain control of their encryption keys.

ESKM chart multi-cloud-key-management

Easy Deployment and Integration

ESKM provides easy deployment and licensing processes. It can be effortlessly installed and configured; simply drop in as hardware or virtual appliance. Access transparent client licensing, with no hidden costs attached to key volume or scalability.

Supporting OASIS KMIP, RESTful API, KMS it enables broad integration versatility. It also comes with included, pre-installed, digitally signed, and verified software for immediate startup and a Software Development Kit (SDK).

Certifications and Compliance

  • Compliance:
    • FIPS 140-2 Level 1 (ESKM L1 (Virtual appliance)
    • FIPS 140-2 Level 2 (ESKM L2 (1U appliance))
    • FIPS 140-2 Level 3 (ESKM L3 (1U appliance)) 
    • FIPS 140-2 Level 4 (ESKM L4 (1U appliance))
  • Safety: UL/CUL, CE, TUV, BIS, BSMI, SII
  • Emissions: FCC Class B, VCCI, BSMI, C-Tick, IC, KCC
  • Environmental: RoHS, REACH

Supported Cryptographic Algorithms

  • Such as AES, 3-Key Triple DES, HMAC, RSA, and ECDSA key types
  • TLS and on-demand backups with SSH key authentication, for secure administrator remote access

Application Programming Interfaces (APIs)

  • OASIS KMIP (Key Management Interoperability Protocol)
  • RESTful interface API
  • KMS

Custom Integrations

  • Simplified RESTful API interface for key CRUD (Create, Read, Update, Delete) operations and crypto
  • Supports open client libraries such as KMIP, OpenKMIP and PyKMIP
  • Conforms with KMIP 1.0 through 2.1 specifi cations
  • Implements auto-registration with native XML-based KMS protocol
  • NIC Teaming Support

High Availability

  • Highly redundant hardware to ensure highest operation continuity
  • Active-active cluster with thousands of notes per cluster, supporting thousands of clients and millions of keys
  • Automatic key replication and hands-off administration
  • Audit logging

Pre-Installed Software

  • Comprehensive monitoring, recovery, scheduled backups, log rotations, and restore functionality
  • Web browser GUI and Command Line Interface supported
  • SNMP alerts and SIEM log monitoring
  • TLS and on-demand backups with SSH key authentication, for secure administrator remote access

Security and Compliance

  • Meets NIST SP 800-131A Standards
  • FIPS 140-2 Levels 1, 2, 3 and 4 (physical) (depending on the ESKM Deployment Option
  • Compliant CC EAL2+
  • Meet audit and compliance mandates with controls for PCI-DSS, HIPAA, EU data privacy laws, and other regional privacy mandates

Ease of Use

  • Certificate-based mutual client-server authentication, secure administration, and audit logging
  • Performs automatic key replication, client load balancing, and fail-over
  • Embedded Local Certificate Authority as an optional feature
  • Automated backups
  • Client failover


Our on-premise options allow hosting the product directly on-site in your own network or data center.

  • LAN Appliance
  • Virtual Appliance


Huawei logo














Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      About Utimaco's Downloads

      Visit our Downloads section and select from resources such as brochures, data sheets, white papers and much more. You can view and save almost all of them directly (by clicking the download button).

      For some documents, your e-mail address needs to be verified. The button contains an e-mail icon.

      Download via e-mail


      A click on such a button opens an online form which we kindly ask you to fill and submit. You can collect several downloads of this type and receive the links via e-mail by simply submitting one form for all of them. Your current collection is empty.