Umbra
Secrets under your keys
Secrets and fleet data under your keys, moving toward keys we never hold.
Under your keys today; the roadmap is keys we never hold, on an externally audited protocol.
Fleet data and secrets are encrypted under an envelope key we hold and delete on account termination or request, which makes them permanently unreadable, a crypto-shred with nothing to configure. Static blobs stored with us are opaque to us at rest. Enterprises can bring their own KMS key (BYOK): revoke it and watch our access die in your own CloudTrail. The roadmap moves toward keys we never hold, on an externally audited protocol.
- Encrypted by default under an envelope key we delete on account termination or request, a crypto-shred.
- Static blobs stored with us are opaque to us at rest.
- Roadmap: client-held keys with an externally audited protocol.
One module of the Alyria platform.
Umbra works alongside the rest of Alyria — prevention and detection for every AI agent your people run, tied together by one policy engine and one signed audit chain.
Put Umbra to work.
Deploy Beacon read-only and see how Umbra fits at the endpoint, under your keys.