Fortanix Key Insight for External Key Source Concepts


1.0 Introduction

This article describes the concepts related to the external key source connections and illustrates how Fortanix Key Insight helps implement uniform key lifecycle management policies and processes across different external key source key management systems.

2.0 Terminology References

CONCEPT

DESCRIPTION

External Key Source Connection

In Fortanix Key Insight, an external key source refers specifically to Fortanix Data Security Manager (DSM), which can be deployed as SaaS or on-premises and is configured as a source of truth for key provenance and lifecycle tracking.

Key Discovery

The process of identifying and locating cryptographic keys across various external key management systems. Fortanix Key Insight connects to the external key source to analyze how the keys are used.

DSM SaaS

Fortanix Data Security Manager (DSM) SaaS is an integrated Data Security as a Service offering that provides secure key management and cryptography services, including cloud key management, secret management, and tokenization, to protect sensitive data in public, private, hybrid, or multi-cloud environments. Encryption keys are stored in a FIPS 140-2 Level 3 certified HSM, and cryptographic operations are executed inside the module. HSM as a service simplifies operations and reduces management overhead. The service is publicly reachable as a cloud offering.

Refer to Fortanix DSM SaaS Global Availability Map to see all global locations.

Fortanix Key Insight scans Fortanix DSM SaaS keys using the region details and the application credentials (a private key and certificates). The connection from Key Insight to Fortanix DSM is established using the Administrative App UUID.

DSM On-Premises

Fortanix DSM can be deployed on-premises using the FIPS 140-2 Level 3 compliant FX2200 physical hardware appliance. To give customers maximum operational flexibility (for example, the full range of algorithms and key lengths) and access to the latest feature releases and security patches, the appliances should be configured to operate in non-FIPS mode. Note that an appliance running in non-FIPS mode is not operating in its FIPS-validated configuration; organizations that must demonstrate FIPS-validated operation should weigh that requirement against the added flexibility.

Fortanix Key Insight scans Fortanix DSM on-premises keys using a scanner configuration file. The connection to Fortanix DSM is established using the URL provided in this configuration file.

Keys

Keys are the primary resource in an external key source connection and serve as logical representations of cryptographic keys. Each key is assigned a unique key identifier, or key ID. Fortanix Key Insight scans all external key source keys within the SaaS cluster or the on-premises databases and reports their compliance status.

Key Correlation

The process of linking discovered cryptographic keys to their source of origin.

Fortanix Key Insight uses the configured Fortanix DSM credentials to determine whether scanned keys originate from DSM SaaS or on-premises, providing insights into key provenance and improving governance.

DSM On-Premises Sync

The act of synchronizing cryptographic key information and state between the Fortanix DSM on-premises scanner and Fortanix Key Insight, ensuring that the key state and contents shown in Fortanix Key Insight reflect those of the DSM on-premises deployment.

Application Credentials

A set of authentication parameters used to establish a trusted connection between Fortanix Key Insight and Fortanix DSM.

This includes details such as region, API key, and client certificate. These credentials are necessary for enabling external key source correlation with Fortanix DSM applications.

3.0 Fortanix Key Insight Features – External Key Source Connection

The Fortanix Key Insight external key source connection has the following features:

  • Enables users to scan all keys across Fortanix DSM environments (SaaS or On-Premises), identify encrypted keys, and determine which keys are used for encryption.

  • Provides a dashboard view of cryptographic key compliance status across an external key source connection. The dashboard shows information such as:

    • Fortanix DSM discovered keys and correlated keys

    • Keys by status

    • Keys by type

    • Keys correlation by connection

  • For every key in an external key source connection,

    • Displays a tabular view with filtering options showing key name, key operations, key owner, key curve, size, group, and so on.

    • Provides a map of the key compliance statuses.

    • Detects non-compliant keys based on the applied default policy and raises vulnerability alerts aligned with NIST standards.

    • Shows essential information such as key properties, key owner(s), rotation, and custom attributes.

    • Offers navigation to view key details directly in the Fortanix DSM user interface (UI).

  • Allows users to export all scanned key data in comma-separated values (CSV) format and track export activities.

  • Provides a dashboard for assessing an external key source connection's Post-Quantum Cryptography (PQC) readiness, featuring a Sunburst chart that simplifies the visualization of key data points and includes drill-down capabilities for deeper insights.
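To make the two checks above concrete (NIST-based compliance detection and the PQC readiness assessment), the following is an added illustration written for this page; it is not Fortanix Key Insight code and does not reproduce its default policy. It walks a constructed key inventory in a hypothetical CSV layout (the column names are an assumption, not Key Insight's export schema), flags keys that fall below the 112-bit security strength minimum of NIST SP 800-57 Part 1 Rev. 5, and classifies each key's PQC readiness using the standard reasoning that classical public-key algorithms are broken by Shor's algorithm while symmetric keys of 256 bits retain adequate strength against Grover's algorithm.

```python
"""Illustrative key-compliance and PQC-readiness check over a constructed key inventory.

Added example for this page; not Fortanix Key Insight code. Thresholds follow
NIST SP 800-57 Part 1 Rev. 5 (112-bit security strength minimum). The CSV
column names are hypothetical and do not reflect Key Insight's export schema.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample inventory (hypothetical column layout).
SAMPLE_CSV = """key_id,name,key_type,size_bits,curve,state,created
k-001,pay-signing,RSA,1024,,Active,2019-03-01
k-002,pay-signing-v2,RSA,3072,,Active,2023-06-14
k-003,tls-ec,EC,256,NistP256,Active,2022-01-10
k-004,legacy-3des,DES3,168,,Active,2015-09-30
k-005,data-aes,AES,128,,Active,2021-11-02
k-006,data-aes-256,AES,256,,Active,2024-02-20
k-007,old-ec,EC,192,NistP192,Deactivated,2017-05-05
k-008,hmac-sha256,HMAC,256,,Active,2022-08-08
"""

# Minimum key size in bits for 112-bit security strength
# (NIST SP 800-57 Part 1 Rev. 5, Table 2). Algorithms not listed here
# (for example 3DES) are treated as not approved by this example policy.
MIN_BITS = {"RSA": 2048, "EC": 224, "AES": 128, "HMAC": 112}

# Classical public-key algorithms are broken outright by Shor's algorithm.
QUANTUM_VULNERABLE = {"RSA", "EC", "DSA", "DH"}


@dataclass
class Finding:
    key_id: str
    state: str
    status: str      # "compliant" or "non-compliant"
    reason: str
    pqc_ready: bool


def check_key(rec):
    """Evaluate one inventory record against the example policy."""
    alg = rec["key_type"].strip().upper()
    bits = int(rec["size_bits"]) if rec["size_bits"] else 0

    if alg not in MIN_BITS:
        status, reason = "non-compliant", f"{alg} is not an approved algorithm"
    elif bits < MIN_BITS[alg]:
        status, reason = "non-compliant", f"{alg}-{bits} is below the {MIN_BITS[alg]}-bit minimum"
    else:
        status, reason = "compliant", "meets 112-bit security strength"

    # Symmetric/MAC keys only lose half their bits to Grover's algorithm, so
    # 256-bit keys are considered PQC-ready; anything quantum-vulnerable or
    # unapproved is not.
    if alg in QUANTUM_VULNERABLE or alg not in MIN_BITS:
        pqc_ready = False
    else:
        pqc_ready = bits >= 256

    return Finding(rec["key_id"], rec["state"], status, reason, pqc_ready)


def evaluate_inventory(csv_text):
    """Parse the CSV export and return a Finding per key."""
    return [check_key(row) for row in csv.DictReader(io.StringIO(csv_text))]


def summarize(findings):
    """Dashboard-style counts over all findings."""
    return {
        "total": len(findings),
        "non_compliant": sum(1 for f in findings if f.status == "non-compliant"),
        "pqc_ready": sum(1 for f in findings if f.pqc_ready),
    }


def active_alerts(findings):
    """Non-compliant keys that are still Active, i.e. the ones worth alerting on first."""
    return [f for f in findings if f.status == "non-compliant" and f.state == "Active"]


if __name__ == "__main__":
    results = evaluate_inventory(SAMPLE_CSV)
    for f in results:
        print(f"{f.key_id}: {f.status} ({f.reason}); PQC-ready={f.pqc_ready}")
    print(summarize(results))
    print("alerts:", [f.key_id for f in active_alerts(results)])
```

On this sample, the RSA-1024 key, the 3DES key and the P-192 key are reported as non-compliant, and only the AES-256 and HMAC-256 keys count as PQC-ready; the deactivated P-192 key is excluded from the active alert list, mirroring the distinction a "keys by status" view draws between live and retired material.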