Blog | comforte

From Scattered Secrets to Centralized Control on HPE Nonstop

Written by Thomas Stoesser | Jul 2, 2026

Encryption is easy, key management is hard. This is an oversimplification, of course. But it speaks to the challenges faced by many enterprise IT and security teams. Encryption can only be a foundational pillar of corporate cybersecurity if the cryptographic keys themselves are securely stored, correctly managed and rotated according to industry best practices.

Unfortunately for HPE Nonstop customers, there is no centralized, comprehensive key and secrets management available. This potentially exposes organizations to huge security and operational risks. Fortunately, third-party solutions like comforte’s TAMUNIO Assure exist to mitigate these risks and provide a solid foundation for broader crypto-modernization efforts.

Some key challenges

SSL/TLS and SSH keys play a critical role in securing traffic between HPE Nonstop terminals as well as remote system- and application-level access into HPE Nonstop. But without a native centralized key and secrets management mechanism, keys reside on the HPE Nonstop disk in the clear. That means anyone with access could use the private key to decrypt traffic flows.

Sometimes organizations use passphrases to unlock the keys. But while this is slightly more secure than storing the key in plaintext, the codes themselves tend to be stored in unprotected configuration files. It results in the same business risks:

  • A single point of compromise
  • Massive operational risk
  • Compliance and audit failure

PCI DSS 4.0, NIS2 and GDPR all demand verifiable key governance, multifactor authentication (MFA) and audit trails. The truth is that existing, ad-hoc key management like this will never satisfy the regulators.

The challenges of key management are growing for two very good reasons. First, the number of certificates and keys is set to explode as organizations journey to post-quantum computing (PQC) via crypto/PQC hybrids. This means each service will have at least two certificates and keys. And second, industry standards for key rotation are set to fall from 200 days in 2026 to 100 next year and 47 days by 2029. This means more frequent rotations, which will be harder if key storage is fragmented.

The problem with secrets

Many of these challenges extend beyond SSL and SSH keys. HPE Nonstop IT teams must manage a large volume of enterprise secrets, from database passwords and API tokens to custom app keys. Without a controlled and centralized way to store them all, secret sprawl is inevitable. Leaks become more likely, increasing security and compliance risk. Auditors cannot get a single source of truth. And operational overheads surge.

If nothing changes, key management pipelines will continue getting more complex, consuming stretched engineering resources. And fragmentation will continue to increase the likelihood of security issues.

Why TAMUNIO Assure holds the key

Against this backdrop, centralized key and secrets management becomes a no brainer — reducing security, compliance and operational risk. That’s exactly what comforte’s TAMUNIO Assure offers:

  • Centralized key and secrets storage eliminates clear-text keys, provides MFA protected access, and delivers audit ready logs
  • HSM-backed storage adds an extra layer of hardware-enforced protection
  • Extensible secrets-management means SSL and SSH keys can be stored alongside database credentials and custom app keys. A single console for all reduces sprawl and operational overheads, simplifies compliance and lowers security risk
  • Full-stack key governance ensures organizations meet PCI DSS 4.0, GDPR, NIS2 requirements
  • Policy-driven access reduces unnecessary exposure by ensuring only authorized personnel can access keys and secrets
  • Split-knowledge and dual-control features add extra security by ensuring no single user knows the entire secret, and two users are required to perform sensitive operations

A more agile future

Not only does centralized key management like this satisfy even the toughest compliance regimes, it also provides a foundation for crypto modernization. These efforts are far easier when you have full visibility of all your crypto assets and a standardized way to store and manage them. It lays the foundation for crypto agility and lights a pathway to PQC.