Key management

EVERTRUST Stream supports integrating with third-party KMSs and HSMs to secure signing private keys.

Integrating with a KMS

The recommended way to set up a KMS-protected key in Stream is to use the native Cloud KMS integration.

It’s also recommended that customers use their cloud provider tenant to provision KMS keys, as this allows for reversibility and credential management that complies with their own internal policies. If the customer is unable to configure a KMS key in their tenant, EVERTRUST can provide a ready-to-use key. However, this has the same drawbacks as an EVERTRUST-managed customer bucket.

Integrating with an HSM

EVERTRUST builds container images that integrate middleware for multiple HSMs. The following HSM vendors are currently supported in EVERTRUST Cloud:

  • Luna Cloud HSM (Thales DPoD)

  • Entrust nSaaS