Xloud Key Manager — Enterprise KMS
Product details and datasheet on xloud.tech
Xloud Key Manager
User Guide
Store secrets and credentials, manage certificate containers, issue certificate orders, and configure access control lists for your Xloud Key Manager resources.
Admin Guide
Configure secret store backends, manage transport keys, enforce quotas, and apply security hardening policies for the Key Manager service.
CLI Reference
openstack secret commands for managing secrets, containers, orders, and ACLs from the command line.
TLS Integration
Store TLS certificates in Key Manager and reference them directly from Load Balancer HTTPS listeners for centralized certificate lifecycle management.
Key Features
Secret Storage
Securely store passwords, API keys, encryption keys, and arbitrary binary secrets. All secrets are encrypted at rest using the configured backend store.
Certificate Management
Store and manage TLS/SSL certificates with their associated private keys and certificate chains. Reference directly from Load Balancer and other services.
Access Control Lists
Fine-grained ACLs control which users and projects can read or manage each secret. Delegate access without exposing credentials.
Certificate Orders
Automate certificate issuance through configured Certificate Authority plugins. Track order status and retrieve issued certificates programmatically.
Transport Key Encryption
Client-side secret encryption using transport keys prevents secrets from ever appearing in plaintext on the network — even during upload.
Multi-Backend Support
Plug in industry-standard backends including local encryption, hardware security modules (HSMs), and KMIP-compliant key management appliances.
Key Manager Components
| Component | Description |
|---|---|
| Secret | An encrypted payload — passwords, API keys, certificates, private keys, or arbitrary binary data |
| Container | A named grouping of related secrets (e.g., a certificate + private key + CA chain) |
| Order | An asynchronous request to generate or issue a key or certificate via a CA plugin |
| Transport Key | An asymmetric key pair used to encrypt secrets client-side before transmission |
| ACL | Access Control List defining per-user and per-project read/write permissions on a secret |
| Secret Store | The backend encryption provider (simple crypto, PKCS#11 HSM, KMIP) |
Related Services
Xloud Load Balancer
Reference TLS certificate containers in HTTPS listener configuration
Xloud Compute
Encrypt instance storage volumes with keys managed in Key Manager
Xloud DNS
Store DNSSEC signing keys as secrets for automated zone signing
Xloud Object Storage
Server-side encryption of object containers with customer-managed keys
Xloud Identity
RBAC policies and trust delegation for Key Manager resource access
Xloud Block Storage
Volume encryption using keys managed and rotated through Key Manager
Getting Started
Authentication
Configure Dashboard access and CLI credentials before working with Key Manager
User Guide
Step-by-step instructions for storing your first secret