Skip to content

QxVault

Secrets management vault with a built-in HSM.

Product Overview

Secrets. Simplified.

The QxVault is a fully integrated Secrets Management Vault with a built-in HSM for robust management of secrets, credentials, and API keys.

QxVault enables enterprises and governments to:

  • Deploy with on-prem infrastructure or private cloud
  • No HSM expertise required for deployment or operation
  • Automatic HSM clustering and synchronization
  • Built on the popular OpenBAO code base, compatible APIs and supports a broad ecosystem of integrations
  • Based on Crypto4A QxHSM hardware and runs QxOS
Reduced Cost

Transparent, simple, and predictable pricing with unlimited client licenses resulting in significant savings

Reduced Complexity

Simplified deployment and management by integrating a FIPS 140-3 Level 3 HSM into the QxVault™ Blade Module

Sovereignty

Centralized secrets management deployed in a customer environment or in a sovereign private cloud

Future Proof Security

Support for both Classic and PQC backed secrets leveraging hardware based crypto-agility

QxVault front facing view

Product Features

QxVault highlights

QASM™ - FIPS Certified Module built in

Pending FIPS 140-3 level 3+ validation

Multiple deployment options

Built on OpenBAO

Broad ecosystem of compatible APIs

Future-proof scalability and adaptability

Product Specifications

  • Automatic HSM & Vault clustering
  • Disaster Recovery (DR) and fault-tolerance
  • Business continuity of Operations (BCoOP)

Deployment options

Chassis Configurations

QxBMC-1 Desktop Chassis
QxBMC-1 Desktop Chassis
  • Single blade chassis
  • Extended battery life: 5 years of additional unpowered standby
  • Built in CLO
QxBMC-3
QxBMC-3
  • 1RU 3 Blade Chassis
  • Dual redundant, hot-swappable power supplies
  • Built in CLO
QxBMC-12
QxBMC-12
  • 4RU 12 Blade Chassis
  • Integrated dual network 40G switch card with (4) 10G ports and SFP+ interface
  • Dual redundant, hot-swappable power supplies
  • Built in CLO

Use Cases

Where QxVault shines

Secure Secret Storage

Arbitrary key/value secrets can be stored in QxVault™. QxVault™ encrypts these secrets prior to writing them to persistent storage, so gaining access to the raw storage is not enough to access your secrets.

Dynamic Secrets

QxVault™ can generate secrets on-demand for some systems, such as Kubernetes or SQL databases. After creating these dynamic secrets, QxVault will also automatically revoke them after the lease is up.

Data Encryption

QxVault™ provides encryption as a service with centralized key management to simplify encrypting data in transit and stored across clouds and datacenters.

Identity based access

Organizations need a way to manage identity sprawl with the use of different clouds, services, and systems. QxVault™ solves this challenge by using a unified ACL system to broker access to systems and secrets and merges identities across providers.

Leasing and Renewal

All secrets in QxVault™ have a lease associated with them. At the end of the lease, QxVault™ will automatically revoke that secret. Clients are able to renew leases via built-in renew APIs.

Revocation

QxVault™ has built-in support for secret revocation. QxVault™ can revoke not only single secrets, but a tree of secrets, for example all secrets read bya specific user, or all secrets of a particular type.