// products line
// products

Enterprise products.

Commercial Craton products built on top of our open-source cores. Hardware-backed cryptography, vendor-specific integrations, regulated-industry compliance modules. Source-available under BSL-1.1; commercial license required for production use.

Craton HSM Enterprise

Production-grade HSM platform. Vendor-specific hardware backends, enterprise auth, clustering, KMIP, and cloud integrations on top of the Craton HSM open core.

Available
License: BSL-1.1 (commercial required for production)

Everything in the open Craton HSM Core, plus a FIPS-validated AWS-LC backend, hardware passthrough for NXP HSE and Infineon TPM, Windows CNG support, and the operational pieces a production deployment actually needs: RBAC + LDAP + MFA + OIDC, multi-tenant key isolation with per-tenant quotas, Raft-based clustering, KMIP key lifecycle, Kubernetes CSI, and AWS / Azure / Vault shims.

Capabilities
  • FIPS-validated crypto backend (aws-lc-rs) with FIPS 140-3 certification roadmap
  • Hardware passthrough: NXP HSE (S32G/S32K3), Infineon SLB 9670/9672 TPM, generic PKCS#11
  • Enterprise auth: RBAC, LDAP, X.509 client certs, MFA, OIDC, dual-control
  • Multi-tenant management with per-tenant key quotas and isolation
  • Raft consensus and replication for HA clustering
  • KMIP key lifecycle server (TTLV)
  • Cloud integrations: Kubernetes CSI driver, AWS / Azure / Vault shims
  • Windows CNG/BCrypt backend (FIPS via Windows CNG)
  • Reproducible builds and CMVP / CAVP / ACVP harness
Standards & integrations
FIPS 140-3PKCS#11 v3.0KMIPOIDCLDAP
Talk to salesGitHub ↗

Craton Shield Enterprise

Production hardening for Craton Shield: hardware-backed cryptography, QNX RTOS support, and fleet telemetry.

Available
License: BSL-1.1 (commercial required for production)

Everything in the open Craton Shield Core, plus the modules a fielded deployment requires: hardware-backed crypto via PKCS#11 (Thales Luna, Utimaco, NXP SE050) and TPM 2.0, a QNX HAL for production automotive RTOS targets, and a VSOC telemetry uplink for encrypted-batch fleet visibility. Free RustCryptoProvider remains under Apache-2.0 in the open core.

Capabilities
  • PKCS#11 crypto provider (Thales Luna, Utimaco, NXP SE050, SoftHSM2)
  • TPM 2.0 crypto provider with PCR extend/read
  • QNX Neutrino RTOS HAL — production on QNX 7.1 aarch64
  • VSOC fleet telemetry uplink — AES-GCM + ECDSA encrypted batch
  • Roadmap: SIEM connectors, fleet correlator
Standards & integrations
ISO/SAE 21434UN R155ISO 26262 ASIL-B (target)AUTOSAR AP R22-11ISO 14229TUF/Uptane
Talk to salesGitHub ↗

Kitchens and closets CPQ

Configure-Price-Quote for kitchen cabinetry — 3D visualization, real-time pricing, BOM and manufacturing integration.

Coming soon
License: Commercial (per-seat or per-deployment)

A production-grade kitchen cabinetry CPQ system with 3D visualization, real-time pricing, constraint validation, BOM generation, and ERP write-back. Built to reach feature parity with 3CAD and the Cyncly product surface — designed for kitchen manufacturers and dealers who have outgrown spreadsheet-and-Excel quoting flows. Currently in private rollout; early-access pilots opening selectively.

Capabilities
  • 3D kitchen configurator with constraint-validated cabinetry catalog
  • Real-time pricing engine with discount and channel-pricing tiers
  • Auto-generated BOM and cut-list output for the shop floor
  • ERP write-back integrations (SAP, Dynamics, NetSuite, custom)
  • Multi-tenant, role-aware (sales, dealer, manufacturer, admin)
Standards & integrations
3CAD-class feature parityCyncly-class output
// commercial licensing

Need a commercial license or production support?

Talk to us about deployment, integration, and certification support. We respond within one business day, signed NDA on request.

Talk to sales →