Managed KMS. Zero infrastructure. Your keys, in the cloud.
Clef Cloud is launching soon — a hosted Key Management Service. Provision, rotate, and audit encryption keys from a single dashboard, without managing HSMs, cloud IAM, or key infrastructure.
Provision keys in seconds. You own them — disable or destroy at any time. Key material is hardware-backed and never visible to Clef staff.
Keys rotate automatically on an annual cycle — built in, no configuration needed. Previous versions are retained so existing ciphertext keeps decrypting without interruption.
Grant encrypt-only, decrypt-only, or admin access per key, per service account. RBAC keeps credentials scoped to exactly what they need.
Every encrypt, decrypt, and admin operation is logged with caller identity, timestamp, and key version. Export to your SIEM anytime.
Every KMS operation is available via a versioned REST API, with SDKs for Node.js, Python, and Go.
No HSMs, no IAM policies, no rotation scripts to maintain. Clef Cloud runs the infrastructure — you ship the product.