Clever KMS
Built on our Materia architecture and FoundationDB, Clever KMS delivers strong isolation between tenants, native encryption in transit and at rest, and resilient, horizontally scalable storage that keeps your secrets available when your applications need them most.
Clever KMS can be used with any tool compatible with the Vault client (Hashicorp).
-
01
01 HashiCorp Vault-compatible interface
Clever KMS is compatible with HashiCorp Vault. Your existing tools and scripts remain functional. You keep your workflows, we handle the backend.
0202 Strong tenant isolation and access control
Clever KMS uses Biscuit tokens for secure access control. Customer secrets are isolated, ensuring data privacy.
0303 State-of-the-art encryption
Secured with XChaCha20-Poly1305 encryption, our KMS ensures optimal protection of your sensitive data, combining high speed with cutting-edge cryptographic strength.
0404 Resilient by design, tested at scale
Clever KMS is designed to stay reliable. It uses the Materia architecture on top of FoundationDB, a distributed database guaranteeing strong data consistency and durability.
0505 Scales with your workloads and deployment models
Clever KMS grows with you. We can add more capacity for traffic or storage, and you can run it serverless, dedicated, or on-premise.
What Powers Clever KMS
Clever KMS is a security service that stores and manages your secret data. It’s built on our own robust, reliable Clever Cloud technology and uses industry-standard encryption and security measures (like HashiCorp Vault-compatible tools and modern TLS) to keep your information safe and isolated from others.
Use Cases
- Centralising secrets for growing teams – Keep all your passwords and sensitive information in one safe place instead of scattered across tools or documents.
- Managing API keys, certificates and encryption keys – Store and protect all your API keys and certificates in one system, with easy updates and built-in encryption.
- Drop-in backend for Vault-enabled tools and gateways – If you already use tools that work with the Vault API, they will work with Clever KMS right away, no changes needed.
- Meeting institutional-grade security and compliance needs – Clever KMS follows strict security standards and was designed with the help of experts to meet high compliance requirements.
Advantages of being on Clever Cloud
Easy integration with your Clever Cloud apps
Connect Clever KMS to your applications in just a few steps. No complex setup needed.
Flexible deployment options
Use Clever KMS the way you prefer: serverless, dedicated, or even on-premise for stricter requirements.
A trusted European cloud provider
Your secrets run on Clever Cloud’s secure infrastructure, built and operated in Europe.
Early access and direct support
Be among the first users and work closely with our engineering team as we expand the service.
Protect Your Secrets Today
Clever KMS offers managed, secure secrets management on Clever Cloud.
It’s compatible with Vault, uses strong cryptography, and a resilient architecture. Use it to centralize and secure passwords, keys, and sensitive data.
Request early access now.
Discover our news
Clever Cloud to be heard by the National Assembly’s Law Committee in the context of the bill on securing Digital Public Procurement
Nantes, 16 February 2026 – Clever Cloud is honoured to be heard on 20 February 2026 before the Law Committee of the French National Assembly as part of the examination of Bill No. 2258 on securing digital public procurement, adopted by the Senate.Elasticsearch Observability: logs, metrics, and traces explained
Modern architectures generate ever-growing volumes of data. Microservices, APIs, cloud workloads, and serverless environments multiply potential failure points. In this context, understanding what is really happening in production has become a central challenge.ELK Stack: what it is used for and how to use it for observability
Understanding what is really happening inside a modern application has become increasingly complex. Microservices, cloud environments, and the growing number of physical or virtual servers all contribute to an explosion of technical signals. This distribution makes so-called “traditional” log analysis—based on directly connecting to a single machine—hard to sustain at scale.