Utimaco’s Enterprise Secure Key Manager (ESKM) with Azure KeyVault Integration

Utimaco IS GmbH

The ESKM solution imports customer-owned keys (BYOK) into the Azure KeyVault.

The traditional Microsoft BYOK approach is to generate a private/public key pair in a local/on-premises GP HSM, export it as a wrapped key pair, and import it into the Azure KeyVault.


The ESKM integration with the Azure KeyVault allows you to generate a private/public key pair in the ESKM, using FIPS-approved algorithms, and push it to the Azure KeyVault to encrypt Azure SaaS, PaaS, and/or IaaS resources.


  • The private/public key pair stays under the control of the customer: it can be managed and revoked directly from ESKM.
  • In a BYOK scenario, the ESKM generates the keys and uploads them to the respective cloud service provider (CSP).
  • Only authorized users have access to unencrypted data.


The ESKM allows you to manage the entire key life cycle (generate, store, distribute/use, rotate/rekey and terminate/revoke).

Utimaco provides flexible deployment options:


  • ESKM with integrated Utimaco GP HSM
  • vESKM, which can be connected to external Utimaco GP HSM


General note: For redundancy reasons, Utimaco recommends deploying ESKM in cluster mode.