The key management policies and procedures guide users about managing the encryption keys. Access to cryptographic keys is restricted to specific users and all access is logged and monitored.

All the customer-specific keys used in VMware Cloud services are unique for each customer. An independent certificate authority generates customer-specific keys programmatically at the time of provisioning. These keys are associated with the unique URLs created for each customer.

VMware has key management controls and personnel for managing and securing the encryption certificates used to communicate with the VMware Cloud service consoles. VMware Cloud service operations provide information regarding the certificates installed, certificates about to expire, and certificates revoked through a certificate management dashboard.

VMware uses a commercial solution to secure, store, and control the access to tokens, passwords, certificates, API keys, and other confidential information. In addition, VMware certificate vendors have certificate management dashboards that can be used to monitor and manage the certificates for which VMware is responsible.

A VMware application monitors and automates the management of keys for both the key management controls and commercial solution encryption key management systems.