3.0 Fortanix Key Insight - Log in and Create Account
Fortanix Key Insight is a solution on the Fortanix Armor platform, so you need to create an account on the platform if you do not already have one.
3.1 Sign Up and Log In to Fortanix Platform - New Users
If you are accessing Fortanix Key Insight for the first time, you need to sign up for Fortanix Armor to access Key Insight. For the subsequent access, you can log in to Fortanix Armor directly.
After you access the Key Insight solution from Fortanix Armor, if you want to onboard an external key source, that is, a Fortanix DSM (SaaS) connection, you need to configure it to scan your keys and services.
4.1 Prerequisites
The following are the prerequisites to add a Fortanix DSM (SaaS) connection to Fortanix Key Insight:
Fortanix DSM Account Setup: A valid and active Fortanix DSM (SaaS) account is set up to allow communication between Fortanix DSM and Key Insight.
Application Configuration: An application (app) must be created in Fortanix DSM (SaaS) to enable interaction between the two solutions. This application defines the roles and permissions required for key management.
Security Objects Setup: Security objects, such as keys or key versions, must be created and configured within Fortanix DSM (SaaS) to allow secure key management and usage by Fortanix Key Insight.
Group Configuration: User groups or access policies should be configured in Fortanix DSM (SaaS) to ensure appropriate access control and permissions for users interacting with keys through Fortanix Key Insight.
After you create a Fortanix Armor account, you will be redirected to the Fortanix Armor Available Solutions page.
Figure 1: Access available solutions
To onboard a Fortanix DSM (SaaS) connection:
Click GO TO KEY INSIGHT.
On the Let's Connect to Your Cloud, On-Premises or External Key Source Provider page, select External Key Source Connections type and the Fortanix DSM (SaaS) provider.
Click NEXT.
Figure 2: Select DSM (SaaS) provider
On the Let's Connect to Your External Key Source Provider form, add a Fortanix DSM (SaaS) connection using the following steps:
Click SAVE AND PROCEED. The connection will be added under the EXTERNAL KEY SOURCE tab on the Connections page, though it will not yet be integrated with Fortanix DSM.
Figure 3: Add DSM (SaaS) connection
On the Admin App UUID page, configure a private key and certificate to establish a connection with Fortanix DSM (SaaS) using the following steps:
Click GENERATE PRIVATE KEY to create a private key. You can generate a maximum of two private keys.
Click GENERATE ANOTHER PRIVATE KEY to generate an additional key.
You can delete the private key using the .
Click GENERATE CERTIFICATE to generate a self-signed certificate. This button will only be enabled after generating a private key.
You can copy the generated certificate details.
You can also RE-GENERATE THE CERTIFICATE, if required.
After generating and downloading the certificate:
Log in to your Fortanix Data Security Manager account in the same region selected in Step 4.b above to ensure proper correlation.
Create an administrative app using the steps mentioned in Create Admin Apps, selecting Certificate as the authentication method and uploading the certificate generated in Step b.
After creating the admin app, copy the UUID value.
Enter the Admin app UUID obtained from Fortanix DSM (SaaS) admin app.
Click CONNECT to establish the connection between Fortanix DSM (SaaS) and Fortanix Key Insight. If your credentials (region and certificate) are incorrect, an error message will appear. Ensure you use the correct credentials to establish the connection with Fortanix DSM (SaaS).
Figure 4: Configure Fortanix DSM (SaaS) in Fortanix Key Insight
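The certificate downloaded in the steps above can be checked locally before it is uploaded to the DSM admin app. The following is an added example, not Fortanix code: it assumes the certificate was saved as a PEM file and that OpenSSL 1.1.0 or later is installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Fortanix code. Checks a certificate file before it is
# uploaded as an admin app credential. Function names are hypothetical.

# SHA-256 fingerprint as 64 lowercase hex characters.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Succeeds only if subject equals issuer and the signature verifies under
# the certificate's own public key. Expiry is checked separately.
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || return 1
    openssl verify -no_check_time -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1
}

# Usage: cert_preflight FILE [MIN_DAYS]   (MIN_DAYS defaults to 30)
cert_preflight() {
    cert=$1
    min_days=${2:-30}
    # Only the certificate is uploaded; the private key must not be in the file.
    if grep -q 'PRIVATE KEY' "$cert"; then
        echo "FAIL: file contains a private key"; return 1
    fi
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 ||
        { echo "FAIL: not a PEM certificate"; return 1; }
    cert_is_self_signed "$cert" ||
        { echo "FAIL: not self-signed or signature invalid"; return 1; }
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: expires within $min_days days"; return 1; }
    echo "OK sha256=$(cert_fingerprint "$cert")"
    openssl x509 -in "$cert" -noout -subject -enddate
}

# Run the check when the script is called with a certificate path.
if [ $# -ge 1 ]; then
    cert_preflight "$@"
fi
```

Recording the printed fingerprint next to the admin app UUID makes it easy to tell later whether the certificate was regenerated.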
After the Fortanix DSM (SaaS) connection is added:
All security objects configured in your Fortanix DSM (SaaS) account and accessible by the admin app will be imported to Fortanix Key Insight.
The new external key source will appear in the EXTERNAL KEY SOURCE tab with the TYPE value set to DSM (SaaS) and the LAST SCAN value reflecting the creation time stamp.
If your Fortanix Armor account is deactivated and you are accessing the Fortanix Key Insight external key source (Fortanix DSM SaaS) connection, you will not be able to view data under the Overview, Keys, or PQC Central pages. You will only have access to view and delete items within the Connections, Policy Center, and Authentication pages.
It is recommended to use a unique admin app UUID for each Fortanix DSM (SaaS) connection when creating or editing to prevent performance degradation and avoid unnecessary clutter.
After creating the Fortanix DSM (SaaS) connection, a group with the same name will be created on the Fortanix IAM Groups page. For more details, refer to Fortanix Armor Identity and Access Management-IAM.
After accessing the Fortanix Key Insight solution from Fortanix Armor, if you want to onboard an external key source, that is, a Fortanix DSM (On-Premises) connection, you need to configure it to scan your keys and services.
After you create a Fortanix Armor account, you will be redirected to the Fortanix Armor Available Solutions page.
Figure 5: Access available solutions
To onboard a Fortanix DSM (On-Premises) connection:
Click GO TO KEY INSIGHT.
On the Let's Connect to Your Cloud, On-Premises or External Key Source Provider page, select External Key Source Connections type and the Fortanix DSM (On-Premises) provider.
Click NEXT.
Figure 6: Select DSM (On-Premises) provider
On the Add DSM (On-Premises) Connection form, add a Fortanix DSM (On-Premises) connection using the following steps:
Click ADD DSM if you have not selected the I have downloaded and installed the Scanner package check box. The connection will be added under the EXTERNAL KEY SOURCE tab on the Connections page, though it will not yet be integrated with Fortanix DSM.
Select the I have downloaded and installed the Scanner package check box to confirm the scanner installation.
Click GENERATE API KEY to add the scanner using the generated API key.
On the API Key Details dialog box, click COPY API KEY to copy the API key value.
Click ADD SCANNER & GENERATE API KEY if you have selected the I have downloaded and installed the Scanner package check box, to add the scanner using the generated API key. You will authenticate with Fortanix Key Insight using the API keys.
On the API Key Details dialog box, click COPY API KEY to copy the API key value. This value is used to authenticate both the Fortanix DSM on-premises scanner and Fortanix Key Insight.
Figure 7: Configure a Fortanix DSM on-premises connection
The new Fortanix DSM on-premises connection will be added to the EXTERNAL KEY SOURCE tab on the Connections page.
After the Fortanix DSM (On-Premises) connection is added:
The new external key source will appear in the EXTERNAL KEY SOURCE tab with the TYPE value set to DSM (On-Premises) and the LAST SCAN value reflecting the creation time stamp.
The CONNECTION STATUS column displays one of the following statuses:
Connected: The scanner package has been successfully added, and all keys have been scanned and imported.
Pending: The scanner package has been added, but the keys sync is still pending. For Fortanix DSM On-premises connections in this state:
You must use the generated API key to connect with Fortanix Key Insight.
To begin scanning, you need to add the resources after establishing the connection.
Disconnected: The scanner package is connected, but the session has been terminated. For Fortanix DSM On-premises connections that are disconnected, you will need to restart the scanner to re-establish the connection.
If your Fortanix Armor account is deactivated and you are accessing the Fortanix Key Insight external key source (Fortanix DSM On-Premises) connection, you will not be able to view data under the Overview, Keys, or PQC Central pages. You will only have access to view and delete items within the Connections, Policy Center, and Authentication pages.
After creating the Fortanix DSM (On-Premises) connection, a group with the same name will be created on the Fortanix IAM Groups page. For more details, refer to Fortanix Armor Identity and Access Management-IAM.
An external key source, such as Fortanix DSM (SaaS or On-Premises), integrated with Fortanix Key Insight is used to manage and protect cryptographic keys. This integration also simplifies compliance by providing a unified, cohesive view of the entire key inventory and lifecycle governance.
You can add, edit, delete, and rescan external key sources within Fortanix Key Insight using the EXTERNAL KEY SOURCE tab on the Connections page.
Click each connection to navigate to its corresponding Overview page. You can copy the Connection ID as well, if required.
Figure 8: Access external key source
NOTE
Users with the Account Administrator and Group Administrator roles can only perform add, edit, delete, and rescan operations for the external key source connection.
6.1 Edit an External Key Source Connection
Use this feature to update the external key source connection details if required.
Perform the following steps to edit the external key source connection:
Click EDIT for the required external key source connection under the EXTERNAL KEY SOURCE tab.
On the Edit <External Key Source> page, update the required details.
Click SAVE to apply the changes. Click CANCEL to discard the changes.
NOTE
You can also edit the external key source connection during the cloud and on-premises connections onboarding.
Figure 9: Edit external key source
When you update the external key source details, you must rescan both the external key source connection and any associated parent cloud or on-premises connection to apply the new values.
6.2 Delete an External Key Source Connection
Use this feature to remove an external key source connection and its associated information.
Perform the following steps to delete the external key source connection:
Click DELETE for the required external key source connection under the EXTERNAL KEY SOURCE tab.
On the Delete External Key Source Connection dialog box, read all the details and enter the external key source name.
Click CONFIRM to delete the external key source.
WARNING
Deleting the external key source connection cannot be undone.
After deletion, the external key source connection will be removed from the EXTERNAL KEY SOURCE list.
6.3 Rescan an External Key Source Connection
Use this feature to restart the scan for an external key source.
Perform the following steps to rescan the external key source:
Click RESCAN for the required external key source connection under the EXTERNAL KEY SOURCE tab.
NOTE
The RESCAN option is available only when the external key source connection status is Connected.
On the Scan Connection page, click START SCANNING to restart the scan.
If the re-scan is successful, the LAST SCAN column under the EXTERNAL KEY SOURCE tab will be updated with the latest scan date and time.
NOTE
After successfully rescanning the Fortanix DSM (SaaS or On-Premises) connection, you must manually rescan the associated parent or linked Fortanix Key Insight cloud or on-premises connection if any, to update the correlated key data.
6.4 View an External Key Source Connection Details
This feature is available only for Fortanix DSM (On-Premises) type external key source connections.
Perform the following steps to view the connection details:
Click VIEW DETAILS for the required Fortanix DSM (On-Premises) connection under the EXTERNAL KEY SOURCE tab.
On the DSM page:
Click DOWNLOAD PACKAGE to download the package again in case you changed your machine, or your current package has errors or was not installed correctly.
Click DELETE to remove the Fortanix DSM (On-Premises) connection.
Click EDIT to update the name of the connection, if required.
Also, you can view the following sections:
Scanner Details: This section provides details about the scanner's connection status, connection ID, last scan, periodic polling interval, and the date and time it was created.
Access Type: This section offers details about the API key.
Perform the following to manage the API keys:
Click MANAGE API KEY to manage the generated API key(s).
On the Manage API Key dialog box, read the details.
NOTE
You can generate a maximum of two API keys for configuring the connection between Fortanix DSM (On-Premises) and Fortanix Key Insight.
Click GENERATE ANOTHER API KEY to generate a second key if one already exists.
For each API Key, you can perform the following:
Click COPY to copy the API key value.
Click DELETE to remove the generated API key.
WARNING
Deleting an API key may revoke access for the Fortanix DSM (On-Premises) connection, potentially disrupting its functionality. This action is irreversible.
Fortanix Key Insight identifies encryption keys and data services across on-premises and hybrid multicloud environments, providing a unified dashboard for tracking key mappings and cryptographic security. It offers security and compliance teams data-driven insights to assess risks, align with best practices, and meet industry regulations. It also supports continuous risk mitigation and crypto-agility, adapting to evolving security needs, including preparation for the post-quantum era.
Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.
Fortanix Armor is a comprehensive cybersecurity solution that protects data and applications across on-premises, hybrid, and multi-cloud environments. It integrates Fortanix solutions into a single unified product, securing data throughout its lifecycle. Built on the Runtime Encryption Platform, it ensures real-time encryption of data at rest, in transit, and during processing. Additionally, it includes platform services such as IAM, KMS, and Audit and Monitoring to simplify security management.