What Cloak KMS gives you

  • HSM-Backed Keys

    Generate and protect keys in managed infrastructure designed for stronger cryptographic assurance than ordinary software-only key storage.

  • Real Operations

    Run sign, verify, encrypt, decrypt, ECDH, and public-key retrieval through one consistent API and console workflow.

  • Tenant Isolation

    Separate users, teams, and environments with tenant-aware authorization, usage tracking, and policy controls.

  • Auditability

    Review cryptographic activity with logs and managed workflows for master key lifecycle and operational oversight.

  • Developer Usability

    Move quickly with a console, safe Try It tooling, and a practical path from evaluation to production integration.

  • Local Hardware Support

    Use local smartcard and PKCS#11-backed hardware through the Cloak kms-ws-agent model when you need hardware on your own machine.

How Cloak KMS works

Cloud KMS Control Plane

Create tenants, manage keys, define access, and inspect operations from the cloud console and API layer.

Managed Master Key Workflows

Apply lifecycle controls to sensitive master keys and keep administrative actions visible and reviewable.

Cryptographic Operations

Trigger signing, verification, encryption, decryption, and related operations through a secure service interface.

Enterprise and Hybrid Connectivity

Enterprise gateway and local hardware connectivity

Keep cloud orchestration central while integrating enterprise environments and optional local hardware-backed execution paths.

Local Smartcard HSM via kms-ws-agent

Pro users can run a local websocket agent on their machine so local smartcard HSM operations stay hardware-backed while policy stays centrally managed.

Technical Specifications

Cloak KMS technical specifications

Review the detailed technical capabilities and implementation direction behind the Cloak KMS platform.

More details

Built for AI-agent workflows

Strong controls for automated cryptographic usage

Cloak KMS supports a controlled model for AI and developer tooling. Teams can expose approved capabilities through MCP, issue scoped agent credentials, track usage, and revoke or rotate access without rebuilding key management from scratch.

This makes Cloak a practical control plane for agentic systems that need to sign payloads, verify signatures, inspect public keys, or work within approval and policy boundaries.

Agent Access

Manage credentials and permissions for agents directly from the console.

MCP Endpoint

Provide secure KMS tools for list keys, read public key, sign, and verify actions.

Expiry and Rotation

Set credential lifetimes, rotate access, and revoke tokens as roles or workflows change.

Usage Tracking

Keep visibility over who used which key capability, when, and under what scope.

Use cases for Cloak KMS

Financial and regulated teams

Protect signing keys, approval flows, and sensitive workloads with stronger custody, auditability, and policy enforcement.

Document signing workflows

Back PDF and document signing processes with centrally managed keys and consistent cryptographic controls.

SaaS engineering teams

Use HSM-backed keys for application trust, service encryption, release pipelines, and backend identity workflows.

AI-enabled systems

Allow agents to sign or verify within approved boundaries instead of distributing raw private keys into automation.

"Our rigorous verification process shows that Cloak offers real enterprise-grade secure solutions. It is way more secure than common cloud services."

Dr. Liu Yang CTO, Semantic Eng. Asst. Prof, NTU

"Cloak offers a secure way to share sensitive intellectual property in my team using public key encryption."

James Rappel Engineering Manager

"The platform gives smaller teams access to stronger key protection without the normal cost and operational complexity of deploying dedicated HSM infrastructure."

Cloak Customer Profile Security and Compliance Lead

Cloak security products have been used by MNCs, governments, SMBs, and regulated teams that need credible protection for sensitive data and cryptographic processes.




award award award award award

Plans for evaluation, pro use, and enterprise rollout

Positioned to give users and teams a low-friction path into HSM-backed key operations.


0 $
entry tier

Free

Evaluate HSM-backed signing and encryption without upfront commitment.
Limited monthly signing and encryption usage
Unlimited verification and decryption
Smartcard HSM RSA and ECC operations
Best for testing, prototypes, and initial developer evaluation
899 $
USD per annum

Pro

For professional users and small teams that need affordable, recurring access to HSM-backed key operations.
Unlimited encryption or signing operations
Suitable for developer, operations, and local hardware-backed workflows
Includes access to the cloud-managed KMS platform
Order Now
Fr 10,000 $
USD per annum

Enterprise

For organizations that need tenant controls, local hardware integration, custom rollout, and policy-led operations.
Enterprise gateway and integration support
Company-managed smartcard HSM and hybrid deployment options
SSO, directory integration, and tailored onboarding
Support for enterprise and agentic workflow design
Contact us now

Discuss your deployment

Need a plan for developers, enterprise, or AI-agent use?

Cloak KMS is designed for teams that need strong cryptographic controls without the cost and complexity of running their own HSM fleet from day one.

We can help you evaluate the right plan, architecture, and rollout model whether you are testing with a free tier, moving to production, or connecting local hardware into a cloud-managed control plane.

Marcus Tan

Founder

  • Paya Lebar Square #06-28 Singapore 409051
  • sales@cloakapps.com
  • +65 9656 2333