Distributed Key Manager
The Distributed Key Manager (DKM) provides a way to securely share data among multiple machines and multiple users or service accounts. DKM is a client-side library that lets users encrypt data under a shared group secret key so that only members of the group can decrypt it. Our API is very similar to the familiar Windows Data Protection API (DPAPI): the caller creates a GroupKey object and binds it to a group of users.
Publications
- Tolga Acar, Mira Belenkiy, Lan Nguyen, and Carl Ellison, Key Management In Distributed Systems, no. MSR-TR-2010-78, 17 June 2010
- Tolga Acar, Mira Belenkiy, Mihir Bellare, and David Cash, Cryptographic Agility and its Relation to Circular Encryption, in EUROCRYPT 2010, Springer Verlag, May 2010
