An organization needs to encrypt IBM Cloud Kubernetes Service secrets and the etcd store with their own root keys. The encryption should occur on FIPS 140-2 Level 4-certified hardware. Which service should this organization use?
A. IBM Cloud Hyper Protect Crypto Services ✅
Built on FIPS 140-2 Level 4 certified Hardware Security Modules (HSMs) — the highest security level recognized by NIST.
Allows customers to own and manage their own root encryption keys.
Perfect for Kubernetes etcd encryption and secrets management when compliance and hardware isolation are required.
Offers “Keep Your Own Key” (KYOK) capability — IBM cannot access the keys.
B. IBM Cloud Secrets Manager ❌
Manages application secrets, API keys, and certificates, but does not use Level 4 HSMs.
It integrates with Key Protect or HPCS for key storage, but by itself doesn’t meet Level 4 FIPS standards.
C. IBM Cloud Key Protect ❌
Uses FIPS 140-2 Level 3-certified HSMs — not Level 4.
Suitable for most encryption use cases but not for environments needing maximum hardware-based security.
D. IBM Cloud Managed Encryption Services ❌
This is not a standard IBM Cloud offering for customer-managed root key encryption in Kubernetes contexts.
Malex68
1 month ago