Where to store a server side encryption key?

Here are your possibilities, roughly in decreasing order of sophistication.

  1. Use an external Hardware Security Module. There is an entire industry of products designed for offloading security-sensitive operations to external devices. This doesn't solve the problem so much as relocate it, but it relocates it to device that is far more secure, so altogether it's a security win. If you're doing anything high-stakes, then this is almost certainly going to factor into your solution.

  2. Tie the encryption to your hardware. In theory HSMs do precisely this, only we tend to expect a bit more sophistication from an HSM than just hardware-backed crypto. But there are cheaper options available if you don't need the throughput and compliance that a true HSM brings to the table. TPM chips were invented in part for this purpose, and many examples exist showing how to integrate with them. Additionally, dedicated crypto hardware has become fairly inexpensive, and re-purposing devices like Open-Source U2F Keys for this is simpler than it sounds.

  3. Tie the encryption key to your admin login (e.g. encrypt the the encryption key with your admin login). This is only marginally useful as it requires you to be logged in in order to encrypt/decrypt anything. But on the plus side, no one can encrypt/decrypt anything unless you're logged in (i.e. greater control). Much of the secure storage in Windows works like this.

  4. Type in the encryption key when you start up, store it in memory. This protects against offline attacks (unless they capture the key out of RAM, which is tougher to do). Similar to the option above, but also different. However, the server boots into an unusuable state, requiring you to manually supply the key before work can be done.

  5. Store the key on a different server. E.g. put the key on the web server and the encrypted data on the database server. This protects you to some degree because someone would have to know to grab the key as well as the database, and they'd also have to have access to both servers. Not amazingly secure, but an extremely popular option anyway. Most people who think they're doing it right do it this way. If you're considering doing this, then also consider one of the first two options mentioned above.

  6. Store the key elsewhere on the same server. Adds marginal security, but not a whole lot. Most smaller operations do this -- they shouldn't, but they do. Typically because they only have one server and it runs in some cloud somewhere. This is like taping a key to the door instead of leaving it in the lock; guaranteed to stop the most incompetent of attackers.

  7. Store the key in the database. Now you're not even trying. Still, a depressingly popular option.

Many cloud-based KMS solutions (e.g: AWS, GCP, Azure) when used most effectively will bind your encryption to your cloud VMs or environment. The unique identity of your VM is easy for the hypervisor to establish and assert, and the KMS uses the combination of that identity and the permissions you've assigned it to allow access to an HSM-managed encryption key. This is similar to a combination of options 1 and 2, modulated to account for the ephemeral nature of Cloud VMs. These KMS solutions generally also are compatible the platform's other identity mechanisms, effectively tying encryption keys to login keys; a lot like option 3.


I realize this was answered a while ago, but to give a couple of examples to Tyler's good answer:

  • I plan to use his #3 to tie a password to a service account and use a Powershell cmdlet to grab it. That way the scripts do not need to be as heavily modified. The service account's password is in Active Directory and would have to be compromised first. This works for me since I have used it on two servers.

  • For his #5, to meet our compliance we were able to store a key in plain text on another server with external storage because that storage was itself encrypted and access to it restricted. As Tyler mentions the latter doesn't seem so secure, but it was good enough even for a tough assessor.


You can create two layer architecture for the key management.

  1. A key to encryp your data at rest encrypting the tablespaces,or column based.
  2. Master key to unlock 1.

for your master key(s) use one of one of the established key management solutions such as:

  • Amazon AWS KMS
  • Oracle Vault
  • Microsoft MKS.
  • or open source ones.

Just keep in mind that your key manager has to support equal or higher availability than your infrastructure where the managed key are used.