Key Management Service (KMS)
Argus Crypt
An enterprise cryptographic key management service (KMS) and envelope secrets store. Manages key lifecycles, rotates keys, validates granular access policies, and records detailed audit trails.
// envelope encryption model //
Plaintext Data
// encrypt via local DEK //
Data Encryption Key (DEK)
// wrap DEK using KMS KEK //
Key Encryption Key (KEK) in HSM
// Key Features & Performance Specs
Lifecycle & Version Control
Generate and rotate symmetric AES-GCM and asymmetric RSA-OAEP/RSA-PSS keys. Seamlessly tracks multiple key versions for decrypting legacy payloads.
CIDR & Time Window Gating
Attach granular access policy matrices to keys, enforcing authorization constraints based on source IP CIDRs and active hourly time windows.
Tamper-Proof Audit Logging
Every cryptographic action, key generation, and rotation request is recorded synchronously in a paginated audit stream for security compliance.