In general, a key management system may reside in a secure enclave of a computing system that is cryptographically isolated from applications and operating systems executed by the computing system. The key management system may store one or more cryptographic items for various applications. The cryptographic items may be cryptographic keys and/or cryptographic plugins. The key management system may receive requests from applications to perform operations associated with the cryptographic items of the key management system. Such operations may include, but are not limited to, exporting a cryptographic item, encrypting data using the cryptographic item, modifying a cryptographic item, deleting a cryptographic item and/or entity, etc. Generally, performing such operations on a cryptographic item may require a user of the application to have authorization to perform the operations. If the user of the application has the authorization required to perform the operation with the cryptographic item, then the key management system may perform the operation requested by the application.
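The request flow described above, sketched as an added example that is not code from the original text: each request is checked against per-user, per-item, per-operation grants before the item is touched. The `KeyManager` class, the grant model, the rule that export needs an explicit grant, and the SHAKE-256 stand-in cipher are all assumptions made for illustration; enclave isolation itself is provided by hardware and is not modeled.

```python
import hashlib
import secrets

OPERATIONS = {"export", "encrypt", "modify", "delete"}  # operations named in the text


class Denied(Exception):
    """One error for 'no grant' and 'no such item', so callers cannot probe item names."""


class KeyManager:
    """Hypothetical stand-in for the enclave-resident service; isolation itself is hardware."""

    def __init__(self):
        self._items = {}      # item_id -> key bytes, never handed out except via export
        self._grants = set()  # (user, item_id, operation) triples; anything absent is denied
        self.audit = []       # (user, item_id, operation, allowed) for every request

    def create(self, owner, item_id):
        self._items[item_id] = secrets.token_bytes(32)
        # Assumption: creators may use and manage the key, but export needs an explicit grant.
        self._grants |= {(owner, item_id, op) for op in OPERATIONS - {"export"}}

    def grant(self, user, item_id, op):
        if op not in OPERATIONS or item_id not in self._items:
            raise ValueError("unknown operation or item")
        self._grants.add((user, item_id, op))

    def request(self, user, item_id, op, data=b""):
        # Authorization is decided before the item is touched, and every decision is logged.
        allowed = item_id in self._items and (user, item_id, op) in self._grants
        self.audit.append((user, item_id, op, allowed))
        if not allowed:
            raise Denied("not authorized")
        return getattr(self, "_" + op)(item_id, data)

    def _export(self, item_id, _data):
        return self._items[item_id]

    def _encrypt(self, item_id, data):
        # Stand-in SHAKE-256 keystream XOR, unauthenticated; a real system would use an AEAD.
        nonce = secrets.token_bytes(16)
        stream = hashlib.shake_256(self._items[item_id] + nonce).digest(len(data))
        return nonce + bytes(a ^ b for a, b in zip(data, stream))

    def _modify(self, item_id, _data):
        self._items[item_id] = secrets.token_bytes(32)  # modeled here as key rotation

    def _delete(self, item_id, _data):
        del self._items[item_id]
        self._grants = {g for g in self._grants if g[1] != item_id}
```

A user holding only the encrypt grant can use the key without ever being able to read it, and the audit list records denied requests as well as allowed ones.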