Skip to main content

Eclipse KeySealer

Eclipse KeySealer provides software for integrating Kubernetes KMS APIs with external cryptographic key stores and key-management systems.

Eclipse KeySealer enables Kubernetes clusters to protect data at rest through secure integration with PKCS #11-compatible HSMs, TPM-backed providers, software tokens, and external key-management systems.

The project includes:

  • Implementations of Kubernetes KMS provider plugins, starting with KMS v2.
  • Integration with PKCS #11-capable devices and providers, including HSMs, TPM-backed PKCS #11 providers, and software tokens.
  • Support for current and future Kubernetes KMS API versions.
  • Support for relevant PKCS #11 versions, including PKCS #11 v2.40, v3.2, and future compatible versions.
  • Configuration examples, deployment manifests, packaging, tests, and documentation for running KMS plugins in Kubernetes environments.
  • Key rotation workflows, interoperability testing, and operational guidance for secure Kubernetes encryption-at-rest deployments.

The project does not define new Kubernetes APIs, new cryptographic algorithms, new PKCS #11 specifications, or new key-management standards. It implements and integrates existing standards and APIs. It also does not replace Kubernetes encryption providers, HSM firmware, TPM firmware, or vendor-specific key managers.

Basics

Repositories

Repository Commits Reviews Issues
This project has no activity.

The EMO oversees the lifecycle of Eclipse projects, trademark and IP management, and provides a governance framework and recommendations on open source best practices.

See the project’s PMI page at https://projects.eclipse.org/projects/technology.keysealer

Releases

Reviews

IP Lab requests

Organization Settings

  • GitHub organization: eclipse-keysealer
  • 2FA enforced: True
  • Default workflow permissions: read

Branch Protections

This project has currently no repositories.

Back to the top