Invention Grant
- Patent Title: Method for secure management of secrets in a hierarchical multi-tenant environment
- Application No.: US16470358
- Application Date: 2017-12-14
- Publication No.: US11463251B2
- Publication Date: 2022-10-04
- Inventor: Dominique Lacouture , Patrick Lambert , Daniel Rocha Furtado
- Applicant: GEMALTO SA
- Applicant Address: FR Meudon
- Assignee: GEMALTO SA
- Current Assignee: GEMALTO SA
- Current Assignee Address: FR Meudon
- Agency: The Jansson Firm
- Agent: Pehr B. Jansson
- Priority: EP16205091 20161219
- International Application: PCT/EP2017/082779 WO 20171214
- International Announcement: WO2018/114574 WO 20180628
- Main IPC: H04L9/08
- IPC: H04L9/08

Abstract:
The present invention relates to a method of securely using a first tenant secret key stored in encrypted form in a first token (TKA) of a first tenant (A) identified by a first tenant identifier (UIDA) and having said first tenant secret key, wherein each tenant identifier (UIDT) for a tenant (T) comprises a first value and, when said tenant (T) is allowed to use a secret key of a parent tenant (Tp) identified by a parent tenant identifier (UIDTP), said parent tenant identifier appended before said first value; and wherein said first token (TKA) has been generated from said first tenant identifier (UIDA) and the first tenant secret key encrypted with said first tenant identifier (UIDA) and with a first tenant customer master key (CMKA), said first tenant customer master key (CMKA) having been derived from said first tenant identifier (UIDA) and a secure domain master key (SDMK). The method comprises the following steps, performed by a secure device storing said secure domain master key (SDMK) on request of a second tenant (B) identified by a second tenant identifier (UIDB):
- getting the first tenant identifier (UIDA) of said first tenant (A) from said first token (TKA),
- checking whether the first tenant identifier (UIDA) is a prefix of or equal to said second tenant identifier (UIDB),
- when said first tenant identifier (UIDA) is a prefix of or equal to said second tenant identifier (UIDB), recovering said first tenant secret key stored in said first token (TKA) and using it for the second tenant (B).
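The key hierarchy and the prefix check described in the abstract, as an added worked example in Python; this is not code from the patent or from Gemalto. Everything the abstract leaves open is an assumption here: HMAC-SHA256 as the PRF that derives CMK_T from SDMK and UID_T, a stand-in encrypt-then-MAC wrapping (a real device would use an AEAD such as AES-GCM) with UID_T bound in as associated data, fixed 4-byte UID components so that a byte-wise prefix test is exactly an ancestor-or-self test, and a token layout of len(UID) || UID || wrapped key. The `relabel_token` helper is a constructed attack that rewrites the cleartext UID header of a token; it shows why the UID must also be bound into the CMK derivation and the wrapping, and not only compared in the prefix check.

```python
"""Hierarchical tenant secrets: added example, not the patent's own code.

Assumptions (not given on the page): HMAC-SHA256 as PRF, a stand-in
encrypt-then-MAC wrap instead of a real AEAD, 4-byte UID components,
token = len(UID) || UID || nonce || ciphertext || tag.
"""
import hashlib
import hmac
import os
import struct

COMPONENT_LEN = 4   # assumed fixed-width UID component
NONCE_LEN = 16
TAG_LEN = 32


def child_uid(parent_uid: bytes, value: int) -> bytes:
    """UID_T = UID_Tp || value: the parent identifier is appended before the value."""
    return parent_uid + struct.pack(">I", value)


def is_ancestor_or_self(uid_a: bytes, uid_b: bytes) -> bool:
    """The check from the abstract: UID_A is a prefix of, or equal to, UID_B.
    With fixed-width components a byte-wise prefix is exactly ancestor-or-self;
    with variable-width components the match would also have to end on a
    component boundary, or 'A1' would wrongly cover 'A10'."""
    if not uid_a or len(uid_a) % COMPONENT_LEN or len(uid_b) % COMPONENT_LEN:
        return False
    return uid_b.startswith(uid_a)


def derive_cmk(sdmk: bytes, uid: bytes) -> bytes:
    """CMK_T derived from SDMK and UID_T (HMAC-SHA256 as PRF is an assumption)."""
    return hmac.new(sdmk, b"CMK|" + uid, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-in-counter-mode keystream; stand-in for a real cipher."""
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def _subkeys(cmk: bytes):
    return (hmac.new(cmk, b"enc", hashlib.sha256).digest(),
            hmac.new(cmk, b"mac", hashlib.sha256).digest())


def wrap(cmk: bytes, uid: bytes, secret: bytes) -> bytes:
    """Encrypt the tenant secret under CMK with the UID as associated data."""
    enc_key, mac_key = _subkeys(cmk)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, uid + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(cmk: bytes, uid: bytes, blob: bytes) -> bytes:
    """Verify the tag (which covers the UID) before decrypting."""
    enc_key, mac_key = _subkeys(cmk)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, uid + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("token authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class SecureDevice:
    """Holds SDMK; the only party able to derive any tenant's CMK."""

    def __init__(self, sdmk: bytes):
        self._sdmk = sdmk

    def make_token(self, uid: bytes, secret: bytes) -> bytes:
        cmk = derive_cmk(self._sdmk, uid)
        return struct.pack(">B", len(uid)) + uid + wrap(cmk, uid, secret)

    def use_key(self, token: bytes, requester_uid: bytes) -> bytes:
        """Steps from the abstract: read UID_A from the token, check the prefix
        relation against UID_B, then recover the key. Returned here for the
        example; a real device would keep it inside and use it on B's behalf."""
        n = token[0]
        uid_a, blob = token[1:1 + n], token[1 + n:]
        if not is_ancestor_or_self(uid_a, requester_uid):
            raise PermissionError("requester is neither the token owner nor a descendant")
        return unwrap(derive_cmk(self._sdmk, uid_a), uid_a, blob)


def relabel_token(token: bytes, new_uid: bytes) -> bytes:
    """Constructed attack: swap the cleartext UID header to pass the prefix check."""
    n = token[0]
    return struct.pack(">B", len(new_uid)) + new_uid + token[1 + n:]


def attempt(dev: SecureDevice, token: bytes, requester_uid: bytes):
    """Recovered key on success, otherwise the name of the error raised."""
    try:
        return dev.use_key(token, requester_uid)
    except (PermissionError, ValueError) as err:
        return type(err).__name__


if __name__ == "__main__":
    dev = SecureDevice(os.urandom(32))
    uid_a = child_uid(b"", 1)            # root tenant A
    uid_b = child_uid(uid_a, 7)          # child of A
    uid_c = child_uid(uid_a, 8)          # sibling of B
    tkb = dev.make_token(uid_b, os.urandom(32))
    print("sibling C using TKB:", attempt(dev, tkb, uid_c))
    print("C with relabelled TKB:", attempt(dev, relabel_token(tkb, uid_a), uid_c))
```

The relabelling attempt passes the prefix check (UID_A is a prefix of UID_C) but fails at `unwrap`, because the CMK derived for the forged header UID_A is not the CMK_B the blob was wrapped under and the tag also covers the UID; this is the property that makes the cleartext identifier in the token safe to use as the input of the access check.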
Public/Granted literature
- US20200092096A1 METHOD FOR SECURE MANAGEMENT OF SECRETS IN A HIERARCHICAL MULTI-TENANT ENVIRONMENT, published 2020-03-19