Skip to content

What is the Data Encryption Key (DEK)?

The Data Encryption Key (DEK) serves a number of important security functions for TLS Protect Cloud. Some of the critical functions of the DEK include:

  • Encrypting stored credentials for your TLS Protect Cloud integrations
  • Encrypting private key material for certificates issued with TLS Protect Cloud generated private keys
  • Providing a mechanism to comply with encryption compliance standards
  • Providing the ability to restore private key material in the case of catastrophic network failures or loss of VSatellites

The DEK is generated when you install your first VSatellite. That DEK is then shared with all VSatellites that are subsequently installed in your network so that all VSatellites use the same DEK.

The DEK is never stored in TLS Protect Cloud in the cloud.


Copies of the DEK reside in your VSatellites and are never stored in TLS Protect Cloud in the cloud. This means that if you delete all of your VSatellites, the DEK is lost.

Next Steps