SanctiKey

In practice

You might not think you need this. Here is why you probably do.

Almost every business runs on a few digital keys, even if nobody calls them that. A key is just a secret number that proves something is genuine or unlocks something private: the secret that signs your software so customers know it came from you, the one that scrambles your customers’ data so a stolen database is useless, the ones that let your own systems recognize each other. Lose control of those secrets and the damage is hard to undo. SanctiKey is a safe place for those keys to live and do their work.

Four words, in plain terms

You will see these throughout. None are complicated.

A key
A secret number that either proves something is genuine or unlocks something private.
Signing
Stamping data with a key so others can verify it really came from you and was not altered.
Encrypting
Scrambling data with a key so only a holder of the key can read it back.
A certificate
A digital ID card that vouches for who a server, app, or device is.

Use case 01

Proving your software is really yours

Software & device makers

The situation

When you ship an app, an update, or firmware, your customers’ machines need a way to tell a genuine copy from one a criminal has tampered with. The standard answer is to sign each release with a private signing key. A matching public check, baked into the device or installer, then confirms the signature before anything runs.

The usual way it goes wrong

Most teams keep that signing key in a file on a build server or a developer’s laptop. If that machine is breached, attackers can sign malware that looks exactly like your official software, and every customer who trusts you will install it. This has sunk real companies.

With SanctiKey

The signing key is created inside SanctiKey and can never be copied out, not even by you. Your build pipeline sends the release to be signed over a secure connection and gets back a signature. The key stays locked in hardware the whole time, and every signing is recorded.

A stolen build server no longer means a stolen signing key.

Your environment

Build pipeline / release
send release to be signed (TLS)

SanctiKey · your dedicated, isolated AWS account (FIPS)

Signing keylocked
sign inside hardware
Signature produced
signed release ships out

Your customers

Device verifies the signature before running
The private signing key never crosses the boundary out of SanctiKey.

Use case 02

Protecting sensitive customer data

Anyone holding personal or financial data

The situation

If you store things like social security numbers, health records, or payment details, you are expected (often legally required) to encrypt them. Encryption scrambles the data with a key so that only someone holding that key can read it back.

The usual way it goes wrong

If the encryption key is stored in the same place as the data, in the same database, app config, or cloud account, then whoever steals the data usually steals the key too. The encryption was theatre: one break-in reads everything.

With SanctiKey

Your application sends a sensitive value to SanctiKey to encrypt, stores only the scrambled result, and calls back to decrypt when it genuinely needs the value. The key lives in a separate, isolated account and never sits next to the data, so a copied database is just noise.

The data and the key that unlocks it are never in the same place.

Your environment

App handling a sensitive value
encrypt this (TLS)
Database stores the scrambled result only
key lives elsewhere, never beside the data

SanctiKey · separate, isolated AWS account (FIPS)

Encryption keylocked
A stolen copy of the database is unreadable: the key was never stored with it.

Use case 03

Letting your systems trust each other

Teams running many services, servers, or devices

The situation

As you grow, your servers, apps, and devices need to know which other machines are really yours before they exchange anything. The proven way is to give each one a digital ID card, called a certificate, issued by an authority they all trust. It is the same padlock idea your browser uses, turned inward onto your own network.

The usual way it goes wrong

Teams improvise: shared passwords copied between servers, long-lived keys pasted into scripts, or self-made certificates nobody tracks. Anything that gets a copy of a shared secret can impersonate a real system, and revoking access means hunting down every copy.

With SanctiKey

SanctiKey acts as your private certificate authority. Its root key stays locked inside, and it issues each server or device its own short-lived ID. Machines present their ID to prove who they are; anything without a valid, current one is turned away, and you can revoke a single ID without disturbing the rest.

Only the machines you issued an ID to can join the conversation.

SanctiKey · your private certificate authority (FIPS)

Root key (your CA)locked
issues a short-lived ID to each machine

Your network

Service A · presents its ID
Service B · checks A’s ID, then trusts it
Unknown machine · no valid ID, refused
Machines trust each other by ID, not by shared passwords. Revoke one ID without touching the rest.

Use case 04

Making sure a critical key is never lost

Regulated and high-stakes teams

The situation

Some keys are so important that losing them is a disaster: lose the key and the data it protects is gone forever. But keeping easy copies lying around is exactly what makes keys leak. You need a way to recover a key in a real emergency without leaving it exposed the rest of the time.

The usual way it goes wrong

The usual fallbacks are a key in a password manager, a copy on a USB stick in a drawer, or one person who 'has it.' Each is either too easy to steal or too easy to lose with the person who held it.

With SanctiKey

Critical keys are held in protected recovery inside SanctiKey. Day to day, nobody can extract them. Recovery requires the approvals you define, and every recovery attempt, successful or not, is logged. The key is reachable in a genuine emergency and unreachable otherwise.

Recoverable when it truly matters, exposed to no one in the meantime.

Day to day

No one can extract the key
emergency recovery requested

SanctiKey · protected recovery (FIPS)

Critical key in escrowlocked
requires the approvals you set
Release only on approval · every attempt logged
Reachable in a genuine emergency, exposed to no one in the meantime.

The common thread

Every example above is the same move: keep the secret in one hardened, isolated place that your systems call, instead of copying the secret out to wherever the work happens. You don’t change your apps or move your data. SanctiKey slots in as the trusted layer your software talks to whenever a key is involved, and it typically replaces a fragile mix of keys in config files, scripts, and laptops, or a physical security appliance you would otherwise buy, rack, and maintain yourself.