MPC Technology: Blockdaemon, HashiCorp to Integrate Blockdaemon Builder Vault for Use with HashiCorp Vault

Blockdaemon and HashiCorp have partnered to integrate and approve Blockdaemon Builder Vault for use with HashiCorp Vault, providing secure Root of Trust services.

Builder Vault incorporates Blockdaemon’s Multi-Party Computation (MPC) technology via a Public-Key Cryptography Standards (PKCS) #11 plug-in.

It generates, stores, and uses master keys to seal and unseal HashiCorp Vault, without relying on hardware security appliances or cloud HSM service providers (CSPs).

The key benefits of using Builder Vault to seal and unseal HashiCorp Vault include:

  • CSP independence – avoid vendor lock-in and dependencies.
  • Data sovereignty – maintain complete control over master key hosting.
  • Scalability and availability – improve application performance.
  • Cost efficiencies – reduce operational expenses.
  • Cloud infrastructure integration – for continuous innovation and automation.
  • Overall security – eliminating single point of key failure vulnerabilities.

Helen Chen, VP of Product at Blockdaemon, said:

“HashiCorp Vault provides incredibly powerful, identity-based secrets, data, and systems management. At the request of a major global service provider, we integrated Builder Vault to generate, store, and use master keys that seal and unseal HashiCorp Vaults using MPC. The result is enhanced Root of Trust security with improved operational efficiency and flexibility.”

Asvin Ramesh, Sr. Director of Alliances at HashiCorp, said:

“The integration between Blockdaemon Builder Vault and HashiCorp Vault enhances security with tamper-resistant key storage, an automated seal/unseal process, and ensures regulatory compliance. The partnership between HashiCorp and Builder provides customers with a powerful solution for the protection of their most sensitive secrets.”

Traditional PKCS #11 implementations store a centralized copy of a key and other attributes, including the “permission criteria for key usage.”

Security can be defeated if a malicious party “accesses the centralized key or if the permission criteria becomes compromised, creating single points of failure.”

Builder Vault uses multiple distributed MPC nodes under different administrative domains to “generate, store, and use MPC shares of a master key, avoiding single points of failure.”

Builder Vault’s PKCS #11 implementation also stores “a copy of the key attributes – excluding the key-related values – in each MPC node’s database. This distributed and redundant approach to attributes mitigates single point of failure risks for permissions.”

Builder Vault MPC nodes can be hosted “on-premises, in public or private clouds, or in secure cloud compute environments.”

Running nodes in secure environments, Builder Vault offers security for the master key “that wraps and unwraps the HashiCorp Vault Root of Trust key, without relying on hardware security appliances or cloud hosted HSM services.”

Blockdaemon Builder Vault is available for licensing and self-hosting directly from Blockdaemon, or as “a subscription with automated deployment via AWS Marketplace.”


