The Venafi Trust Protection Platform stores sensitive information such as logon credentials and private key material within its own database. This data is automatically encrypted by default using a symmetric key that is managed by the Microsoft Data Protection Application Programming Interface (MS DPAPI).
For customers who require additional security, Venafi Trust Protection Platform provides a PKCS#11 driver that can be used to integrate with third-party Hardware Security Modules (HSMs) such as the Utimaco CryptoServer HSM. This allows Venafi Trust Protection Platform to be configured to use keys stored on and managed by the HSM, thus truly separating the stored data from the encryption keys.