KMSOpen source · BSD-3-Clause
age
Community project
A modern, deliberately simple file encryption tool and format, built as a smaller and harder-to-misuse alternative to PGP for encrypting individual files with a passphrase, an SSH key, or a small dedicated recipient key. Created by security engineer Filippo Valsorda; a project rather than a company, with no centralized key management — it encrypts and decrypts files, not an organization's whole key estate.
Verified Source: 1
- Product type
- Community project
- Deployment
- CLI
- Organization size
- IndividualSMBMid-marketEnterprise
- Pricing tier
- Free
Capability checklist
KMSHow age measures up against the full Encryption & Key Management taxonomy.
- Centralized key lifecycle management — not supported
- Creates, distributes, rotates, and retires encryption keys from one system.
- HSM-backed key storage — not supported
- Stores the most sensitive keys in dedicated hardware security modules.
- Encryption enforcement — supported
- Ensures data at rest and in transit is actually encrypted, not just capable of it.
- Automated key rotation — not supported
- Rotates keys on a schedule without requiring manual intervention.
- BYOK / HYOK cloud support — not supported
- Lets customers bring or hold their own keys for data stored in cloud provider services.
- Access audit logging — not supported
- Logs every use of a key for security review and compliance evidence.
Alternatives
Other Encryption & Key Management tools with overlapping capabilities, sized for similar teams.
Appears in stacks
Real-world stacks that include age.