SanctiKey

Platform

An HSM workflow, not a key-value store.

SanctiKey exposes a complete cryptographic toolkit over a single REST API: generate keys, sign, encrypt, run a certificate authority, escrow for recovery, and federate it all into your identity provider. The key material stays inside FIPS 140-3 validated modules in your own AWS account; the API returns results, never bytes.

Every capability below ships to every account. You can read why we built it this way or the full security model.

Cryptographic operations

The operations you came for

Sign & verify

ECDSA (P-256/384/521) and RSA signing over REST, with per-key usage policies, algorithm pinning, and text or file payloads.

Encrypt & decrypt

Envelope encryption with rotated, multi-region customer master keys. Encryption context is enforced on every call.

PKI & certificates

CSR signing, full certificate chains, and root and intermediate ceremonies, without buying or racking a single appliance.

Key escrow

Two-step confirmed escrow for break-glass recovery. No single action can ever move a key; both steps are independently audited.

Control & governance

The controls around them

Federation

SAML / OIDC into your existing identity provider, with MFA enforced wherever you require it. No second user directory to run.

Partitions

Named compartments for your keys, each backed by its own access group. A user only sees and uses the partitions they belong to.

Audit everything

Every operation emits a tamper-evident audit event, exportable to your SIEM. Gaps in the trail raise an alarm, not a shrug.

REST API & scoped keys

Everything above is one HTTPS call. Programmatic access uses scoped API keys with instant, cache-free revocation.

On the roadmap

Opt-in multi-region

Your keys are already multi-region-capable by default. The opt-in turns that into real presence in additional regions, for three reasons, not just one:

  • Disaster recovery: survive the loss of an entire region with a defined RTO, not a hope.
  • Latency: run operations against keys that live next to your workload.
  • Residency: keep key material in the region your compliance regime requires.

Standby

Your keys and data replicate to a second region; the serving stack spins up on failover. Recovery in hours, near-zero data loss.

Active

A full standby environment runs warm with automated health-checked failover. Recovery in minutes, plus scheduled failover drills with reports you can see.

You also get deterministic, long-lived per-region endpoints, so you can choose exactly which region performs a given operation. Each region is priced at its own marginal cost, so you pay only for the regions you turn on.

Not generally available yet. We’d rather list it as a roadmap commitment than sell it before it ships.

Same features for every account. Accounts differ by usage, never by safety.

The smallest plan ships the same modules, the same isolation, and the same capability set as the largest. You pay for volume, not for the right to be secure.