Skip to main content

Certificate Management

Kashimi offers two secure options for handling your Qualified Certificates (QSealC and QWAC), depending on your infrastructure preferences and compliance needs.

Option 1: Managed by Kashimi

We securely store and manage your certificates within our infrastructure:
  • Isolated AWS Account
    Each partner is provisioned a separate AWS account to ensure complete environment isolation.
  • Zero Trust Security Architecture
    Access is enforced through a zero trust model using strict IAM policies, no shared credentials, and continuous monitoring.
  • AWS KMS-Based Storage
    Certificates are securely stored using AWS Key Management Service (KMS), with encryption at rest and strict access control enforced through IAM.
This option reduces your operational burden while ensuring high standards of security and regulatory compliance.

Option 2: Managed by You

You may also choose to manage your QSealC and QWAC certificates within your own infrastructure:
  • Use your cloud provider’s secure storage services (e.g., AWS KMS, Azure Key Vault, GCP Secret Manager).
  • Maintain full control over certificate lifecycle: storage, rotation, renewal, and access management.
  • Integrate with Kashimi APIs by signing and authenticating requests with your hosted certificates.