Secure Key Management

Private keys are essential because they help with decryption and are blindly trusted by all PKI trust stores in the market, from browsers to operating systems. Therefore, when malicious actors uncover a private key, valuable data is compromised through the impersonation of an enterprise’s servers. With AppViewX, you can offer industry-standard protection to your private keys at rest and in motion.

Store Private Keys in an AES-256 bit Encrypted Database or a FIPS 140-2 Certified HSM

Private keys are a gateway to critical information in your infrastructure. Our platform can act as a central, secure key escrow to enhance visibility across your private keys. The private keys are encrypted using AES-256 bit keys before storing and the master encryption key is stored in another secure vault. For added security, you can leverage the capabilities of your network HSMs such as Thales and Gemalto to either encrypt the private keys and have the master key stored in the HSM or store the entire private key content in the HSM. You can also choose to generate the private key and CSR on the HSM.

Secure key management Use a Built in or Third Party Password Vault for Protecting Device Credentials

Use a Built-in or Third-Party Password Vault for Protecting Device Credentials

For any kind of authenticated discovery or certificate management, device credentials are essential to read/write necessary information on the device. Our platform comes with a built-in Hashicorp vault for securing your encryption keys. You can also leverage any third-party password vaults such as CyberArk Enterprise Password Vault to securely access the device. If your vault is set to auto-rotate your passwords periodically, our platform can retrieve the current, active device credentials from the vault to securely manage and automate the various functions of that respective device, without having to continuously update and troubleshoot credential-related issues.

Use Automation Workflows to Push Certificates and Keys to Multiple Devices

Once your device credentials are securely set within AppViewX, you can use our low-code automation workflows to orchestrate certificate enrolment and provisioning across your devices. You can discover, push, renew and delete certificates from your devices on-demand or schedule them later as per convenience. When you launch a certificate provisioning workflow with all the necessary attributes such as CSR parameters, target devices and their SSL profiles, our platform submits the CSR to the respective CA, retrieves the issued certificate, pushes it to the target devices and automatically binds them to the SSL profiles without all while following your business workflows. These automation workflows can also be triggered from your DevOps tools.

Secure key management Use Automation Workflows to Push Certificates and Keys to Multiple Devices
Secure key management Schedule or Provide On demand Time bound Privileged Access to Users

Schedule or Provide On-demand, Time-bound, Privileged Access to Users

Giving time-bound, privileged SSH access to users on-demand has a lot of complications. First, you need to elevate a user’s privileges for a specific period. Second, you need to monitor that SSH session for irregularities. Finally, you need to delete that key to revoke access – all while managing thousands of other keys in the network. With AppViewX, you can automate this entire process on-demand. You can specify a time-period between which a user needs access, post which AppViewX will automatically create a key at the beginning of the time-period, push the key to the necessary server and user account, monitor the on-going session and terminate the session and the key automatically once the time lapses.


30-Minute Live CERT+ Demo

Thursdays 02:00 pm ET / 11:00 am PT


Know More About Our Certificate Lifecycle Automation Solution