Large-scale Key Management in a Cloud Environment

KangaLock vHSM

KangaLock vHSM is a paradigm-shifting key management solution. We completely redesigned the traditional HSM from the ground up to overcome its limitations and support new requirements emerging in the era of cloud computing.

  • Unparalleled security and reliability in a cloud environment. KangaLock protects sensitive data even in the face of infrastructure, virtual machine, and OS compromise.
  • Massive scalability. KangaLock can manage millions to billions of keys and perform cryptographic operations at a high rate. It’s a perfect solution for optimizing HSM workloads as demand changes, scaling out according to the surge and decline in demand.
  • Fast and easy deployment and configuration. No need to own special-purpose hardware or hire skilled HSM engineers.

What is the Trusted Execution Environment (TEE)?

KangaLock virtual HSM features strong security powered by the Trusted Execution Environment. TEE is a cutting-edge security technology that dramatically reduces the attack surface down to the CPU. It is resistant to a variety of attacks, including malicious insiders, zero-day exploits, OS vulnerabilities, and even compromised cloud providers or government oversight.

TEE creates a secure area inside the main processor, isolated from the Regular Execution Environment (REE). In the trusted area, only authorized programs can run and access sensitive information.

Any data leaving the TEE will be automatically encrypted by the sealing key hidden inside the CPU. TEE, by design, blocks unwanted data leaks and allows secure execution of critical applications.

Key Features

Strong Security Powered by TEE

Guaranteed HSM-grade security and reliability in a cloud environment using the advanced runtime security provided by TEE technology.

Limitless & Flexible Scalability

Built to scale horizontally and support large-scale key management. Flexibly scale up or down according to changes in operational workload.

Instant Deployment & Easy Configuration

KangaLock runs on cloud infrastructure thanks to its software-like quality. Fast time to value (TTV) is possible with minimal configuration.

Compatibility With Existing Interface

Provides a variety of standard interfaces such as PKCS#11 and REST APIs, as well as support for NSA Suite B algorithms.

KangaLock vHSM Applications

KangaLock vHSM serves as a Root of Trust (RoT) and helps you achieve a variety of goals in critical applications, from traditional use cases to emerging applications such as IoT, Blockchain, and V2X.

Use Cases

Blockchain

Private keys represent the identity and security credentials of participants in Blockchain applications, and it is common to expect tens of millions of potential users. This requires a large number of private keys to be secured and managed. KangaLock vHSM’s capacity for security and scalability makes it indispensable to Blockchain applications.

Key Management in the Cloud

Container encryption and Big Data encryption are becoming increasingly common for companies and organizations to build an IT infrastructure in the cloud. KangaLock vHSM’s scalability and ease of deployment can support large volume encryption and decryption services in a cost-effective manner.

Cryptographic Infrastructure

Encryption is essential to safely store and exchange customer information and intellectual property. KangaLock vHSM supports standard interfaces and a broad set of algorithms required for database encryption, SSL/TLS processing, document signing, as well as secrets management solutions such as Vault by HashiCorp and AWS Secrets Manager.

Public Key Infrastructure (PKI)

IoT applications such as connected vehicles or smart meters may utilize many millions of devices. To support secure communication among the devices, a PKI must issue large numbers of certificates and perform cryptographic operations at a high rate. KangaLock vHSM serves as the Root of Trust to offload such cryptographic operations.

Specifications

  • Operating System: Linux (Ubuntu, Debian, RHEL, CentOS), Windows
  • Interface: PKCS#11 (Supports C, C++, Go, Python, Node.js, OpenSSL)
  • Algorithm: RSA, ECDSA, EdDSA, HMAC, SHA-2, AES, Triple DES, ARIA, SEED
  • Application: NGINX, Apache HTTP Server, Oracle Database
  • Certification: FIPS 140-2 Compliant Algorithm

Contact Us

Looking for a solution?

TEEware shares your concerns about security. We will continue to research and provide innovative solutions for your security needs. We will be your partner.