Post-quantum at rest
Every object is encrypted with ML-KEM-1024 (NIST FIPS 203). Data harvested today stays sealed when quantum computers arrive.
What this means →Object storage · Post-quantum · Self-hosted
Your data, sealed for the quantum era.
KerPlace is an S3-compatible object store that encrypts every object with post-quantum cryptography and lets the keys live somewhere only you control.
Built for organisations that must keep data confidential for years — and intend to keep custody of the keys that open it. KerPlace stores objects encrypted at rest with a NIST-standardised post-quantum algorithm, speaks the S3 API your tools already use, and runs entirely on infrastructure you own.
Off-host key custody
Your data on their host, your keys on your device. A stolen disk or a breached host yields only ciphertext — useless without the key you hold.
The custody model →Drop-in S3
Speaks the S3 API. mc, aws, rclone,
s3fs and your SDKs work unchanged — and move off MinIO over the same API.
Sovereign & self-hosted
Runs where you put it: your laptop, your datacentre, your cloud. There is no vendor in the path between you and your data.
Configure it →Durable by design
Reed-Solomon erasure coding survives drive loss; per-shard checksums detect and heal silent corruption before it spreads.
How it protects data →Revocable access
Cut the key at the external KMS and the data goes dark instantly — even while the server is running. Access is yours to grant and to withdraw.
Revocation →Coming from MinIO?
When the community edition was stripped back, the data didn't move. KerPlace is where it stays.