<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt="">

Virtru Private Keystore

Take complete ownership of your encrypted cloud data. Host your private keys wherever you like. Let Virtru do the rest, from high volume key exchanges to policy management. With Virtru Private Keystore, your organization can collaborate in the cloud with total confidence that your data remains under your control.

Woman stands in a server room with a laptop, looking up and smiling

Collaborate in the Cloud Without Sacrificing Privacy

The Virtru Private Keystore is a low-cost, integrated way to take control of your data in the cloud, achieve data sovereignty, and support compliance regulations like ITAR, CMMC 2.0, and CJIS.
When you are the sole owner of the keys to your encrypted data in the cloud, your organization can enjoy the many benefits of cloud collaboration platforms like Google and Microsoft 365 — without having to hand over your data. Virtru Private Keystore gives you complete, persistent, and flexible control of who can access your sensitive information — shielding your data from Google, Microsoft, and even Virtru.
With Virtru Private Keystore, you choose where to store your private keys: In a public or private cloud, a private or co-hosted data center, or a hardware security module (HSM). Virtru handles the complexity of policies and key exchanges for you, and our double-key encryption ensures we never have access to your sensitive data. 

The Virtru Private Keystore supports all of Virtru's offerings, as well as Google Workspace CSE and Cloud Platform EKM.

Scroll down to learn more about each solution.

Join more than 8,000 customers who trust Virtru for data-centric security, privacy, and compliance.


Why Host Your Own Encryption Keys?

Ensure Data Privacy and Sovereignty: Support regulatory and data sovereignty requirements by encrypting cloud-hosted data and storing the private keys used to access that data within your own private data center or private cloud. You, and you alone, choose who can access encrypted information.

Strengthen Compliance: Hosting your own keys can support data protection and residency requirements for even the strictest compliance regulations, including CJIS, GDPR, HIPAA, PCI, ITAR, CMMC 2.0, and more.

Surveillance Protection: Strengthen privacy by ensuring any request to access data (including a government subpoena) has to come to your organization — not through your cloud provider or any other third party.

Mature Your Zero Trust Posture: You don’t trust the bank with the key to your safety deposit box, so why trust your cloud provider, or any other third party, to host your encryption keys? With Virtru Private Keystore, you’re never forced to trust Microsoft, Google, or Virtru with access to your unencrypted data.

Centralized Audit: Maintain visibility over all encryption key exchanges and policies, all in one place. Integrate with your SIEM for insights that strengthen threat response and compliance workflows.

Deploy Quickly: Virtru Private Keystore deploys rapidly with Docker containers to align with your existing IT and key management infrastructure. As a result, you can achieve enterprise-scale implementations with low overhead.

Virtru Private Keystore Solutions for Google Cloud Offerings

Virtru makes data sovereignty simple. The Virtru Private Keystore supports both Google Workspace CSE and Google Cloud Platform EKM technologies. Both the CSE and EKM features from Google allow you to host your own private keys, you just need a Google trusted partner to enable the solution. Click below to learn more about each.

Seamless Encryption for Your Everyday Workflows

Because Virtru's solutions integrate directly with the apps you use every day, your teams don't have to change the way they work. Use the Virtru Private Keystore to safeguard sensitive data stored and shared via these common collaboration flows.

Ready to see what the Virtru Private Keystore can do for your organization?


“We want to make sure no other parties can access our email content. So, by having the keys managed on premises, we believe it adds an additional level of security and control.”

-Alfonso Razzi, CIO, Toto Holding Group

How the Virtru Private Keystore Works

The Virtru Private Keystore uses asymmetric encryption on top of Virtru’s native end-to-end encryption, while aligning with your existing infrastructure for enterprise-scale implementations.

When you encrypt an email, a message key is generated, which is then encrypted with a public key. The Virtru Access Control Manager facilitates and authenticates key exchanges, but cannot access your data at any time. The Virtru Private Keystore then hosts a private key that is needed to decrypt the public key and unwrap the message key. This private key never leaves your environment, so you maintain full control to ensure your organization meets its desired data protection and compliance standards.

You can host your private key on-prem, in your private cloud, or on any public cloud service — whatever works best for your organization. Once the Virtru Private Keystore is deployed, it runs in the background, so your team's work won't be impacted. icon-ok


Privacy and Peace of Mind for Cloud Collaboration

Organizations increasingly want full control of their data, including the encryption keys guarding that data. But most cloud-managed, bring your own key (BYOK) approaches cannot deliver on true Zero Trust, as they require you to trust a third-party vendor with access to your keys as well as plain-text content.

Virtru gives you the best of both worlds, serving as a trusted key management partner for executing access control, while giving you true sovereignty over your keys and your content.