What do people like for Encryption Key Management software? Have you implemented a single solution for your firm, or is a departmental/business-line choice?
Thanks in advance
Thales N-shield HSM. Only our "security department" is sufficiently "paranoid" to worry about this. The "lines of business" depend upon us to provide the tools and procedures. This is one of those few areas where hardware is better than software.
HSMs, always about secure key storage for me, for the most part, it's been either Thales NCipher or Gemalto SafeNet. One contender you could consider is Utimaco, I came across them at a stand last year and Sophos had spun them out. They would need to operate a very tight ship being German. Of course, all HSM providers have some sort of management solution.
Another solution for storage might be on smart cards - as required for 'Qualified Digital Signatures'*.
Specifically, with regards to software, Venafi is the key management beast and covers everything if you have a broad use case I've not seen anyone beat them.
Though a lot depends on what kinds of keys and where Digicert(spun out of Symantec) has a managed PKI that works for certificates, Tectia can do SSH, Cyberark can do some of these plus privileged user management and secret injection into containers.
OP, What sort of 'keys' are we talking about here?
*These are really a thing, big in Europe and, nope sadly are not hashes encrypted with private keys that studied at university...
To be honest, I was actually thinking more of software encryption key management when I asked the question.
Another good approach is to look at who implements Key Managment Interoperability Protocol(KMIP) and is recognized by OASIS. There is probably a days research contained in that list for you.
If you are a VMware user with Vsphere 6.5 you could look at the QuintessenceLabs qCrypt KMS VM software version.
If you are supporting a U.S. Federal agency only HSM's meet the standards established by NIST. This is a hardware implementation.
Most software implementations are not secure enough to make me want to ever store the "keys to the kingdom" in them.