CIOP v2.2.1 User Guide

Introduction

The Entrust nShield Cloud Integration Option Pack (CIOP) provides users of cloud services with the ability to generate keys in their own environment and export them for use in the cloud while having confidence that:

  • Their key has been generated securely using a strong entropy source.

  • The long term storage of their key is protected by a FIPS-certified Hardware Security Module (HSM).

The following cloud services are supported:

  • Amazon Web Services (AWS)

  • Google Compute Engine

  • Google Cloud Key Management (Google KMS)

  • Microsoft Azure

  • Salesforce

The generated encryption key is passed to a cloud service provider. Therefore, we recommend that both the URL and the server certificate of the provider are verified as current and valid.