Yotta Keys Manager

Issue, rotate, and use cryptographic keys through the platform without spreading key material across agents

What it is

What is Yotta Keys Manager?

Yotta Keys Manager is the customer key-management product, separate from the platform JWT signing-key service. The code models customer-managed key references and providers such as cloud KMS, Vault Transit, and BYOK-style backends. The planned product gives agents and workflows a governed way to encrypt, decrypt, sign, verify, and wrap secrets without raw key material leaving its boundary.

Capabilities

What Keys Manager gives your team

These capabilities are grounded in the current repo surfaces and the planned product updates for the yotta_bot control plane

01Key catalogTrack customer-managed keys, purpose, provider, status, ownership, and rotation posture
02Provider registryRegister Yotta, AWS KMS, GCP KMS, Vault Transit, and customer BYOK-style backends
03Envelope encryptionUse keys to wrap secrets and sensitive platform data
04Signing and verificationSupport signing keys for attestations, approvals, and trusted workflow outputs
05Rotation governanceManage active versions, rotation cadence, and provider-specific lifecycle
06Policy and auditApply identity, purpose, audit, and workflow context to every key operation

Comparison

Keys Manager compared with similar products

KMS products control cryptographic operations. Yotta Keys Manager adds an agent-control-plane catalog and policy layer across internal and external key providers.

Capability	Keys Manager	AWS KMS	Google Cloud KMS	Azure Key Vault	Vault Transit
Primary scope	Customer key references and governed key use	AWS key management	Google Cloud key management	Azure keys, secrets, and certs	Cryptography as a service
Provider posture	Yotta-native plus cloud KMS and Vault providers	AWS cloud	Google Cloud	Azure cloud	Vault deployment
Key material	Referenced or provider-held by design	Held in AWS KMS/HSM options	KMS, HSM, and EKM options	Key Vault/HSM options	Held by Vault transit backend
Agent usage	Policy-aware encrypt, decrypt, sign, and wrap for agents	Application APIs	Application APIs	Application APIs	Application APIs
Secret relationship	Keys wrap secrets; secrets remain separate product	Integrated with AWS services	Integrated with Google services	Same product family as secrets	Transit separate from KV secrets
Audit context	Yotta identity, workflows, logs, and alerts	AWS audit integrations	Cloud Audit Logs	Azure logging/RBAC	Vault audit devices

¹Yotta capability descriptions combine current code surfaces with planned product updates in the repo.
²Similar-product summaries are based on public vendor positioning and documentation reviewed in June 2026.

Try it for yourself

Schedule a demo with someone on our team. We’ll explore your use cases, answer your questions, and find the deployment model that best fits your needs.

Book a demo →