Enhance Kaleido’s built-in protection of your private key materials with a master encryption key stored in your Azure Key Vault Service.
Microsoft processes your keys as FIPS 140-2 Level 2 validated so you can rest assured your data is secured to the highest levels.
Because Azure supports the ethereum cryptography SECP256k1 curve, Kaleido is able to offload transactions signed to the Azure Key Vault so you can back a Kaleido Managed Wallet by keys —and your keys never have to leave your Azure Key Vault so you retain full control. When the need arises, you can revoke access to Kaleido Managed Wallet at any time.
Provision new vaults or import existing keys in minutes all within a centralized place. You can encrypt authentication keys, storage account keys, data encryption keys, passwords and more.
Azure Key Vault provides hardware security modules (HSM) that are maintained in the Azure Cloud. This allows clients total control of their cryptographic materials in hardware and firmware without being exposed to any operators including Microsoft. Using an HSM based keys management provides the highest level of security.
Kaleido CloudHSM service supports using keys maintained by Azure Key Vault to sign transactions. The Kaleido service communicates with Azure Key Vault via HTTP over TLS to discover the list of signing accounts and sending it payload to sign. During the entire process the signing keys stay safe inside the customer's Azure Key Vault instance and are never shared with Kaleido.
Create one or more keys in the vault that can be used to sign Ethereum transactions
Create and configure a Kaleido CloudHSM signer service which has the ability to interact with the Key Vault in Azure to sign and send transactions to an Ethereum node in the Kaleido environment.
Azure Key Vault is backed by FIPS 140-2 Level 2 certified HSMs keeping your keys secure. The first step is to provision a Key Vault in Azure and generate secp256k1 keys suitable for signing Ethereum transactions.