5 Tools for Easier Encryption Key Management

If you use SSH or other services that require encryption keys, it can be difficult to store those keys securely while still keeping them on hand to access your accounts. Here are some tools and services to help you keep track.

Store these keys haphazardly and they could fall into the wrong hands. Or you might just lose track of which key goes with which service (at which point you might as well have lost the key). What if you are a developer and need some sort of vault to store encryption key secrets that can then be linked to deployed services? What do you do?

You might consider an encryption key manager. These differ from password managers because in some cases they actually work in the background to interact with various applications and services that depend on these keys. Of course, if you just need the means to securely store those keys so you can manually retrieve them later, you can opt to use a simple password manager.

But we want more.

Ergo, I have five such tools, each of which does an excellent job of storing, protecting, and (in some cases) using your encryption keys as needed.

Let’s take a closer look at these applications and services to see which ones work best for your needs or business.

HashiCorp Vault

HashiCorp Vault is a powerful tool for storing credentials, passwords, and various types of secrets (including encryption keys) that you can then securely use in your container deployments. If you’re serious about the security of your containers, HashiCorp Vault should definitely be on your radar. HashiCorp Vault allows you to create and secure access tokens, passwords, certificates, and encryption keys in a way that strikes the necessary balance between locked-down security and ease of use.

HashiCorp Vault also saves your developers time: they no longer have to struggle to find a reliable way to manage the secrets they use in their deployments and when connecting services to third-party APIs. With hundreds of integrations, HashiCorp Vault helps you increase security across clouds and applications throughout your IT landscape. With the ability to generate 10,000+ unique tokens daily, your teams can also use HashiCorp Vault to make automation a reality. HashiCorp Vault is free to use (with the self-managed, open-source version), or you can opt for the managed cloud plan (starting at 3 cents an hour) or the Enterprise plan (contact sales for info).


Seahorse

Seahorse is an open-source tool found in many Linux distributions that makes creating, storing, and managing encryption keys as user-friendly as possible. Seahorse can work with SSH keys, GPG keys, passwords, and certificates… all within a GUI that makes every step of the process easy. Store multiple keys (of any type), sign them and even sync your keys with remote key servers.

The only caveat to using Seahorse is that you must ensure that the keyring is locked when the tool is not in use (otherwise anyone can view your saved passwords). Seahorse also lets you import keys from a file and export keys to a file. Seahorse is free to use and comes preinstalled on many Linux distributions. Seahorse is not available for macOS or Windows.

ManageEngine Key Manager Plus

If you are looking for a web-based solution to manage SSH keys and SSL certificates, ManageEngine Key Manager Plus could very well solve this often complicated problem. This platform makes it easy to consolidate, control, manage, monitor and audit your SSH keys and SSL certificates. If your business depends on large numbers of SSL keys across an entire IT landscape of servers, you owe it to your administrators to arm them with the tools that make managing those keys effortless.

ManageEngine Key Manager Plus can be installed on a local server or you can opt for a hosted plan. Either way, you get real-time dashboards to keep track of your keys, reports, schedules, and even audit tools. ManageEngine Key Manager Plus is free to use as a trial, after which you'll have to pay for a license; contact the company for a quote.
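What auditing SSH keys means at its simplest, as an added example (not ManageEngine's code and not part of the original article): fingerprint every public key the way `ssh-keygen -l` does, then report weak keys and keys reused across services. The service names, the 2048-bit RSA threshold and the sample keys (structurally valid blobs built in code, not real key material) are assumptions.

```python
import base64, hashlib, struct
from collections import defaultdict

MIN_RSA_BITS = 2048  # assumed policy threshold, not taken from the article

def _read_string(blob, off):
    """Read one length-prefixed field (RFC 4251 'string') from a key blob."""
    (n,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def inspect_key(line):
    """Return (type, fingerprint, rsa_bits or None) for one public key line."""
    fields = line.split()
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    inner_type, off = _read_string(blob, 0)
    if inner_type.decode() != key_type:
        raise ValueError("key type does not match blob")
    # Same format as `ssh-keygen -l`: unpadded base64 of SHA-256 over the blob.
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    bits = None
    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent
        n, _ = _read_string(blob, off)      # modulus
        bits = int.from_bytes(n, "big").bit_length()
    return key_type, fp, bits

def audit(inventory):
    """inventory maps service -> public key line. Returns (weak, shared)."""
    weak, by_fp = [], defaultdict(list)
    for service, line in sorted(inventory.items()):
        key_type, fp, bits = inspect_key(line)
        by_fp[fp].append(service)
        if key_type == "ssh-dss" or (bits is not None and bits < MIN_RSA_BITS):
            weak.append(service)
    shared = {fp: names for fp, names in by_fp.items() if len(names) > 1}
    return weak, shared

# Constructed sample inventory: valid wire format, placeholder key values.
def _line(kind, *parts):
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (kind.encode(), *parts))
    return f"{kind} {base64.b64encode(blob).decode()} constructed"
def _mpint(v): return v.to_bytes(v.bit_length() // 8 + 1, "big")
SAMPLE = {
    "git-server": _line("ssh-ed25519", bytes(range(32))),
    "backup-host": _line("ssh-ed25519", bytes(range(32))),  # same key reused
    "legacy-router": _line("ssh-rsa", _mpint(65537), _mpint((1 << 1023) | 1)),
    "web-01": _line("ssh-rsa", _mpint(65537), _mpint((1 << 3071) | 1)),
}
```

`audit(SAMPLE)` flags `legacy-router` for its 1024-bit RSA key and reports that `backup-host` and `git-server` share one key, so compromising either host exposes both.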

Google Cloud Key Management

With Google Cloud Key Management, you benefit from scalable, centralized cloud key management that ensures compliance and data protection and increases the security of your company. This service allows you to use hardware security modules (HSMs) and approve/deny any request for your encryption keys based on local justifications.

Google Cloud Key Management also lets you use your own managed keys to control the encryption of data across Google Cloud products. The Google platform allows you to generate, use, rotate, and destroy AES256, RSA 2048, RSA 3072, RSA 4096, EC P256, and EC P384 cryptographic keys, so it can handle most of your encryption key management. Google Cloud Key Management is priced at $3 per active key.


GnuPG

If you’re looking for a local, command-line-only tool to manage your encryption keys, GnuPG is the de facto standard. With this tool you can easily manage (add, sign, delete, revoke and edit) key pairs. GnuPG is a free implementation of the OpenPGP standard (as defined by RFC 4880) and can work with files and even integrate with many email clients to encrypt your communications.

GnuPG is preinstalled on most Linux distributions and is also available for macOS and Windows (via Gpg4win). GnuPG has been around since 1997, so its reputation as one of the most trusted implementations of PGP is well deserved.
