Service Certificate – STACKIT Key Management Service
Service Name
STACKIT Key Management Service
High level service description
STACKIT Key Management Service (“KMS”) is a managed service that simplifies the creation, management, and use of cryptographic keys (“keys”).
It allows the customer to perform cryptographic operations securely and efficiently.
The KMS API simplifies integrating key management into the customer’s applications and workflows.
Key Features
- Customers can either have KMS keys generated for their use or bring their own keys (that comply with the defined standards) by uploading them to KMS in encrypted form.
- Generate cryptographic keys of the following variants: AES-256, RSA-2048, RSA-3072, RSA-4096
- “Key Rotation” is possible
- Enables the encryption and decryption of customer data with keys stored in KMS
- Manage keys via a user-friendly configuration interface or via API
- High availability ensures the safe operation of the KMS
Service Plans
KMS automatically scales with the number of keys and key versions used by the customer.
The following limitations apply:
- the number of API accesses is limited to 10,000 accesses per hour per KMS
- the size of the decryption / encryption files is limited to 64 kB
Metric
The customer is able to self-manage the number of key versions in use, including creating and deleting them as needed. Billing per hour, based on the number of available key versions.
SLA Specifics
- KMS is considered available insofar as the API and configuration interface are accessible at the service delivery point.
Backup
- There is no customer specific backup.
Additional Terms
- The customer is responsible for the configuration of KMS and its keys.
- Keys that the customer deletes can no longer be used. A deleted key can be recovered within 30 days. If data is encrypted with deleted keys, it’s not possible to decrypt this data.
Version 1.0, valid from 01.04.2025