Hardware-grade key security · delivered as a service

Your keys live in a dedicated AWS account with exactly one tenant: you.

CipherDen provisions a FIPS 140-3 backed HSM environment into its own AWS account per customer. Not a shared cluster. Not a logical partition. An account boundary, the strongest isolation AWS offers.

See pricing Why we built it this way

cipherden | sign

$ curl https://hsm.your-den.cipherden.io/v1/crypto/sign \
    -H "Authorization: Bearer $TOKEN" \
    -d '{"key_id":"signing-root","message":"..."}'

{
  "signature": "MEUCIQDk3...",
  "algorithm": "ECDSA_SHA_384",
  "key_origin": "AWS_KMS (FIPS 140-3)",
  "key_extractable": false,
  "audit_event": "evt_01J9ZK..."
}

key_extractable is set at creation and immutable for the key’s lifetime.

FIPS 140-3 validated modules1 account = 1 customer hard isolationPCI SAQ-A card data never touches usTamper-evident audit on every operation