Prevent encryption keys from being compromised due to neglect or weak security standards. Leverage vaults and HSMs for storage and circulation, and automation workflows to minimize human contact with individual keys.
Private keys are a gateway to critical information in your infrastructure. Our platform can act as a central, secure key escrow to enhance visibility across your private keys. The private keys are encrypted with AES-256 keys before being stored, and the master encryption key is stored in another secure vault. For added security, you can leverage the capabilities of your network HSMs, such as Thales and Gemalto, either to encrypt the private keys and have the master key stored in the HSM, or to store the entire private key content in the HSM. You can also choose to generate the private key and CSR on the HSM.
For any kind of authenticated discovery or certificate management, device credentials are essential to read and write the necessary information on the device. Our platform comes with a built-in HashiCorp Vault for securing your encryption keys. You can also leverage any third-party password vault, such as CyberArk Enterprise Password Vault, to securely access the device. If your vault is set to auto-rotate your passwords periodically, our platform can retrieve the current, active device credentials from the vault to securely manage and automate the various functions of the respective device, without your having to continuously update and troubleshoot credential-related issues.
Once your device credentials are securely set within AppViewX, you can use our low-code automation workflows to orchestrate certificate enrolment and provisioning across your devices. You can discover, push, renew and delete certificates from your devices on demand or schedule these actions for later at your convenience. When you launch a certificate provisioning workflow with all the necessary attributes, such as CSR parameters, target devices and their SSL profiles, our platform submits the CSR to the respective CA, retrieves the issued certificate, pushes it to the target devices and automatically binds it to the SSL profiles, all while following your business workflows. These automation workflows can also be triggered from your DevOps tools.
Giving users time-bound, privileged SSH access on demand involves several complications. First, you need to elevate a user’s privileges for a specific period. Second, you need to monitor that SSH session for irregularities. Finally, you need to delete that key to revoke access, all while managing thousands of other keys in the network. With AppViewX, you can automate this entire process on demand. You can specify the time period during which a user needs access, after which AppViewX will automatically create a key at the beginning of the time period, push the key to the necessary server and user account, monitor the ongoing session, and terminate the session and the key automatically once the time lapses.
"AppViewX significantly decreased our operational outages due to certificate expiry."
“...We saved 90% time on operations, it really ended up delighting our end users, they’re surprised at how easy it is to request certificates”
Xcel Energy, USA