
Key overview

Symmetric and asymmetric keys can both be stored in the Vault service. When a key is stored, the Vault service secures the private key material by performing cryptographic operations on the key. This prevents the key from being exposed outside of Vault.

Vault Keys support the following capabilities:

  • Symmetric and asymmetric keys
  • Pangea-generated keys
  • Importing customer keys
  • Manual rotation
  • Automated rotation policies
  • Versioning
  • Cryptographic operations
    • Encrypt/Decrypt
    • Sign/Verify
    • Sign/Verify of JWTs

When a key is rotated, the replaced key is set to a destroyed state. Rotated keys have the same capabilities as the keys that they replace. Since keys are referenced using their IDs, developers do not need to update code whenever keys are rotated.
