by justincormack
3174 days ago
So can you do any of this in a public cloud setup or is this an argument for having infrastructure that you control directly? (I think AWS might have launched some sort of HSM service, but I haven't looked at the details and it's not clear if it could provide the right sort of guarantee.)

Azure: https://azure.microsoft.com/en-us/pricing/details/key-vault/ AWS: https://aws.amazon.com/cloudhsm/
The only thing you're not able to do in a public cloud is run these in Secure Execution mode—where you get to actually execute arbitrary code inside of the enclave instead of just doing operations with keys that are protected by the HSMs.