Security + Simplicity

HSM-grade security with Software-defined simplicity

Self-Defending Key Management Service™

Fortanix Self-Defending KMS is the world's first cloud solution secured with Intel® SGX. With Fortanix Self-Defending KMS, you can securely generate, store, and use cryptographic keys and certificates, as well as secrets, such as passwords, API keys, tokens, or any blob of data.

Designed for ease of use with security you control


Fortanix Self-Defending KMS, the world’s first unified key management platform built on HSM-grade security, secures any KMS use case, including TDE, Storage, Multicloud and Blockchain. Fortanix Self-Defending KMS also delivers Tokenization, Secrets Management and HSM, with central management, audit and control. Secured with Intel SGX and built for cloud scale and resiliency, Fortanix Self-Defending KMS reduces threats and consolidates costs.


Fortanix Self-Defending KMS provides virtually impenetrable security to your data, keys and secrets. Secured with Intel® SGX and built using Fortanix's patented Runtime Encryption® Technology, Fortanix Self-Defending KMS runs every operation in HSM-grade security, ensuring complete control over your keys, data and secrets. Comprehensive audit logs give you insight into how secrets are being used, helping you meet compliance requirements.


Fortanix Self-Defending KMS provides control of and visibility into your key management operations using a centralized web-based UI with enterprise level access controls and single sign-on support. Your business-critical applications and containers can integrate with Fortanix Self-Defending KMS using traditional cryptographic interfaces (PKCS#11, KMIP and more) or its native RESTful interface.


Fortanix Self-Defending KMS is built to scale horizontally and geographically as your demand for managing keys and secrets increases, while providing automated load-balancing, fault-tolerance, disaster recovery, and high availability. Fortanix Self-Defending KMS can be deployed globally and in hybrid or multi-cloud environments.

Easy to get started

{
    "alg": "AES",
    "mode": "GCM",
    "iv": "4NAZhXu3aL+SsSaPI+kKPQ==",
    "ad": "RnJvbTogaW5mb0Bmb3J0YW5peC5jb20=",
    "plain": "c2VjcmV0IG1lc3NhZ2U=",
    "tag_len": 128
}

Use cases

Multi-Cloud Key Management

Fortanix Self-Defending KMS enables you to make a secure and seamless transition to hybrid or multi-cloud. With unified HSM and Key Management capabilities and a scalable distributed architecture, Fortanix Self-Defending KMS can service encryption for any application in any cloud.

Read blog on How to BYOK to the cloud

HSM as a Service, AWS, Azure, Google Cloud, IBM Cloud

Data at rest Encryption

Fortanix Self-Defending KMS delivers scalable distributed key storage with auto key synchronization capabilities to address strong performance and availability requirements for the encryption of a distributed database, data lake or a data storage system. With Fortanix Self-Defending KMS you can start small and grow as your data needs grow.

Read KB on How to Encrypt Oracle TDE

TDE, Database Encryption, Data Lake, Data warehouse, IBM DB2, Oracle, Storage Encryption, MS SQL

Public Key Infrastructure (PKI)

Fortanix Self-Defending KMS runs the entire key management process inside the HSM. No one other than the authorized user has access to the keys. Fortanix Self-Defending KMS' scale-out distributed design ensures that it can scale to meet the rising demand for PKI fueled by Internet of Things (IoT), digital transformation and cloud-native applications.

Read KB on MS PKI

PKI, CA, Secure manufacturing, IoT, code signing, document signing

Network Security (SSL/TLS)

Scale-out distributed key storage helps organizations close the encryption gap by keeping all the keys (not just the master key) inside the HSM trust boundary. Fortanix Self-Defending KMS delivers end-to-end encryption such that no key is ever outside of the trust boundary when the key is in use in memory.

Read KB on Using Fortanix Self-Defending KMS for Nginx TLS

Web Servers, VPN, Proxy, Nginx, Apache, SSL, TLS


Fortanix Self-Defending KMS delivers unmatched security and availability for Blockchain private keys, including support for powerful yet easy-to-use policies for multi-sig with quorum approval, and strong access control.

Read Solutions Brief on Blockchain Key Management

Blockchain, Private Keys, Multisig


Fortanix Self-Defending KMS delivers unified Key Management and Hardware Security Module (HSM) capabilities to VMware virtualized environments. The solution offers easy integration via KMIP with vSphere VM Encryption and vSAN encryption to protect virtual machines and data-at-rest.

Read KB on VMware Encryption

VMware, Virtualization, vSphere, vSAN, Data at rest Encryption

Consumption model

Fortanix Self-Defending KMS can be consumed as SaaS, as a dedicated managed tenant, or as an on-premises Fortanix Runtime Encryption Appliance, depending on your business, compliance or operational requirements.

On-premises Fortanix Runtime Encryption Appliance

Fortanix Runtime Encryption Appliance FX2200

Fortanix Runtime Encryption Appliance FX2200 for private cloud
