Secure enclave implementation of proxied cryptographic keys
Abstract:
Techniques for employing a secure enclave to enhance the security of a system that makes use of a remote server that proxies cryptographic keys. In one technique, a proxy server receives a request for a cryptographic operation that is initiated by a client device. The request includes a key name of a cryptographic key and a code (e.g., an authentication code). In response, the proxy server sends the code and the request to a secure enclave that is associated with a cryptographic device that stores the cryptographic key. The secure enclave validates the code based on a local key and sends, to the cryptographic device, (1) data associated with the secure enclave and (2) the cryptographic request. The proxy server receives result data that was generated by the cryptographic device that performs the cryptographic operation. The proxy server sends the result data to the client device.
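The message flow in the abstract, as an added Python sketch that is not code from the patent. It assumes the code is an HMAC tag under the enclave's local key and that the "data associated with the secure enclave" is an HMAC tag under a secret shared with the device; `issue_code`, the key name and the stand-in operation are hypothetical.

```python
import hashlib, hmac, os

def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (unambiguous framing)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def fields(req: dict) -> tuple:
    return req["key_name"].encode(), req["op"].encode(), req["payload"]

class CryptoDevice:
    """Stores the named keys; serves only requests tagged by the enclave."""
    def __init__(self, link_key: bytes):
        self._link_key = link_key  # assumed enclave<->device secret
        self._keys = {"payments-signing": os.urandom(32)}  # constructed key name

    def perform(self, enclave_tag: bytes, req: dict) -> bytes:
        if not hmac.compare_digest(enclave_tag, mac(self._link_key, *fields(req))):
            raise PermissionError("request did not pass through the enclave")
        # Stand-in cryptographic operation: MAC the payload under the stored key.
        return mac(self._keys[req["key_name"]], req["payload"])

class Enclave:
    def __init__(self, device: CryptoDevice, link_key: bytes):
        self._local_key = os.urandom(32)  # never leaves the enclave
        self._link_key, self._device = link_key, device

    def issue_code(self, key_name: str) -> bytes:
        # Assumed provisioning step: the code binds a client to one key name.
        return mac(self._local_key, key_name.encode())

    def handle(self, code: bytes, req: dict) -> bytes:
        if not hmac.compare_digest(code, self.issue_code(req["key_name"])):
            raise PermissionError("code failed validation")
        # (1) data associated with the enclave and (2) the request go to the device.
        return self._device.perform(mac(self._link_key, *fields(req)), req)

def proxy_handle(enclave: Enclave, req: dict, code: bytes) -> bytes:
    """Proxy relays code and request; it holds neither the local nor the stored key."""
    return enclave.handle(code, req)

def build_demo():
    link_key = os.urandom(32)
    device = CryptoDevice(link_key)
    return Enclave(device, link_key), device
```

In this sketch a compromised proxy can replay a relayed code but cannot mint one, and the device refuses any request that lacks the enclave's tag.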