Solution
Enclave Vaults
Secrets management rethought from the ground up. Enclave Vaults distributes trust across multiple hardware-protected nodes, so no single party, not even us, can access your secrets.
The problem with traditional secrets management.
Centralised trust is a single point of failure
HSMs, cloud KMS, and secret vaults all share the same weakness: one key, one location, one operator. If that operator is compromised, coerced, or simply makes a mistake, every secret protected by that key is exposed.
You have to trust the provider
Cloud KMS encrypts your data with keys you cannot inspect, on infrastructure you cannot verify. You are told your secrets are safe. But you have no way to prove it. Compliance says yes. Cryptography says nothing.
Distributed trust, hardware-enforced.
Secrets split across independent nodes
Your master secret is split into shares using Shamir’s Secret Sharing. Each share is held by a separate hardware-protected node, operated independently. No single node ever holds enough information to reconstruct the secret.
Client-driven reconstruction
The client fetches shares independently from each node, verifying the hardware attestation of every connection. Reconstruction happens on the client side, inside its own secure environment. The nodes never coordinate with each other and never see the full secret.
Attested access control
Each node attests its identity, code, and configuration through its TLS certificate. Clients verify exactly what is running before sending any request. Access policies are enforced by identity tokens, and the identity provider itself is part of the attested configuration.
Perfect for enclave secrets
Enclave Vaults is designed to protect the secrets that enclaves and confidential VMs need at boot: disk encryption keys, TLS private keys, API credentials. The very secrets that make confidential computing work are themselves protected by distributed, attested hardware.
Honest about the boundaries.
Enclave Vaults is not a FIPS 140-3 certified HSM. It does not have tamper-evident physical enclosures or environmental sensors. What it offers is a fundamentally different security model: distributed trust enforced by hardware, with mathematical transparency instead of physical tamper resistance. For many threat models, this is sufficient. For some, it is not. We believe in being precise about the trade-offs.