Container


1.0 Introduction

This article provides an overview of the Fortanix Key Insight on-premises Containers infrastructure, which is used to scan cryptographic materials stored within on-premises container image repositories and Kubernetes environments.

It also describes:

  • Containers scanning architecture

  • Containers scanning process

  • Containers scanning benefits

2.0 Terminology References

For on-premises connection concepts and supported features, refer to On-premises Connection Concepts.

3.0 Architecture

The following diagram illustrates the on-premises containers scanning infrastructure integrated with Fortanix Key Insight:

Figure 1: Container scanning architecture

3.1 Components

The architecture consists of two main components:

  • Container Image Repositories (Docker, Kubernetes, and so on): Store and manage container images that may contain cryptographic materials such as embedded keys, certificates, configuration secrets, or cryptographic libraries.

  • Fortanix On-premises Scanner (fortanix-scanner): Installed once per organization. It connects to supported container image repositories and Kubernetes clusters, collects image metadata, and forwards it to Fortanix Key Insight.

3.2 Workflow

This section outlines the workflow for scanning the container images:

  • The Fortanix On-premises Scanner connects to your container image repositories and Kubernetes clusters using the configured URL and credentials. It analyzes container images to identify cryptographic artifacts such as private keys, certificates, algorithms, and their usage locations.

  • The Fortanix On-premises Scanner then aggregates the collected metadata and establishes an outbound connection to the Fortanix Key Insight SaaS for analysis, reporting, and visualization.
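The first workflow step above (inspect an image, find keys, certificates and crypto libraries, and record where they live), as an added Python example that is not the Fortanix On-premises Scanner's code: it walks one image layer tarball, locates PEM private keys and certificates, reads the key algorithm out of a PKCS#8 blob with a minimal DER parser, flags packaged cryptographic shared libraries, and returns an inventory of findings. The sample layer, the PKCS#8 blob, the OID table and the library-name pattern are all constructed for the demonstration; nothing about the real scanner's internals, report format or upload step is assumed. The second step (aggregation and outbound upload to Key Insight) is left out.

```python
"""Added example (not Fortanix code): toy scan of one container image layer
(a tar archive) for cryptographic artifacts and their locations."""
import base64
import io
import re
import tarfile
from dataclasses import dataclass

# PEM block: "-----BEGIN <LABEL>-----" ... "-----END <LABEL>-----"
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)
# Shared-library names that indicate a crypto library is packaged in the image (assumed list).
CRYPTO_LIB_RE = re.compile(r"lib(ssl|crypto|gnutls|nss3|sodium)\.so")
# Algorithm OIDs seen in a PKCS#8 PrivateKeyInfo (assumed subset; extend as needed).
OID_NAMES = {"1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "EC", "1.3.101.112": "Ed25519"}
MAX_FILE_BYTES = 1_048_576  # skip huge binaries; a real scanner would stream them

# Constructed PKCS#8 blob: SEQUENCE { INTEGER 0, AlgorithmIdentifier { rsaEncryption, NULL },
# OCTET STRING 00 00 }. The key material is junk; only the structure matters here.
SAMPLE_PKCS8_DER = bytes.fromhex("3016" "020100" "300d06092a864886f70d0101010500" "04020000")


@dataclass
class Finding:
    path: str        # location inside the image layer
    kind: str        # "private-key", "certificate" or "crypto-library"
    algorithm: str   # e.g. "RSA", "EC", "encrypted", "unknown" or "n/a"


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER tag-length-value starting at pos; returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw: bytes) -> str:
    """Decode the contents of a DER OBJECT IDENTIFIER into dotted form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def pkcs8_algorithm(der: bytes) -> str:
    """Name the key algorithm in a PKCS#8 PrivateKeyInfo, or 'unknown' if it does not parse."""
    try:
        tag, body, _ = _read_tlv(der, 0)           # PrivateKeyInfo ::= SEQUENCE
        if tag != 0x30:
            return "unknown"
        _, _, pos = _read_tlv(body, 0)             # version INTEGER
        _, alg, _ = _read_tlv(body, pos)           # privateKeyAlgorithm SEQUENCE
        tag, oid, _ = _read_tlv(alg, 0)            # algorithm OBJECT IDENTIFIER
        if tag != 0x06:
            return "unknown"
        return OID_NAMES.get(decode_oid(oid), "unknown")
    except (IndexError, ValueError):
        return "unknown"


def classify_pem(label: str, body: bytes):
    """Map a PEM label (and, for PKCS#8, its DER body) to (kind, algorithm), or None if irrelevant."""
    if label == "PRIVATE KEY":                     # PKCS#8: the algorithm is inside the DER
        try:
            return "private-key", pkcs8_algorithm(base64.b64decode(body))
        except ValueError:                         # malformed base64 body
            return "private-key", "unknown"
    if label == "ENCRYPTED PRIVATE KEY":
        return "private-key", "encrypted"
    if label.endswith("PRIVATE KEY"):              # legacy "RSA PRIVATE KEY", "EC PRIVATE KEY", ...
        return "private-key", label.split(" ")[0]
    if label == "CERTIFICATE":
        return "certificate", "unknown"            # a real scanner would parse SubjectPublicKeyInfo
    return None


def scan_layer(tar_bytes: bytes) -> list:
    """Walk every regular file in an image layer tarball and collect cryptographic findings."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as layer:
        for member in layer.getmembers():
            if not member.isfile():
                continue
            if CRYPTO_LIB_RE.search(member.name):
                findings.append(Finding(member.name, "crypto-library", "n/a"))
                continue
            if member.size > MAX_FILE_BYTES:
                continue
            data = layer.extractfile(member).read()
            for label, body in PEM_RE.findall(data):
                classified = classify_pem(label.decode("ascii"), body)
                if classified:
                    findings.append(Finding(member.name, *classified))
    return findings


def build_sample_layer() -> bytes:
    """Constructed sample layer: a PKCS#8 key, a legacy key plus cert, a crypto library, a clean file."""
    pkcs8_pem = (b"-----BEGIN PRIVATE KEY-----\n" + base64.encodebytes(SAMPLE_PKCS8_DER)
                 + b"-----END PRIVATE KEY-----\n")
    legacy_pem = (b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
                  b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n")
    files = {
        "etc/app/server.key": pkcs8_pem,
        "etc/app/legacy.pem": legacy_pem,
        "usr/lib/x86_64-linux-gnu/libssl.so.3": b"\x7fELF constructed placeholder",
        "app/README.md": b"# no secrets here\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_layer(build_sample_layer()):
        print(f"{f.kind:15} {f.algorithm:8} {f.path}")
```

Each Finding records the path inside the layer, which is the "usage location" a reviewer needs to decide whether the artifact belongs in the image at all; a scanner that only reported "a key was found" would leave the remediation step to guesswork. The PKCS#8 parser deliberately stops at the AlgorithmIdentifier and never touches the key bytes, so the inventory can be produced without copying private key material out of the image.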

4.0 Scan Containers Using Fortanix On-premises Scanner

The Fortanix On-premises Scanner is the primary component responsible for discovering and extracting encryption metadata from on-premises container image repositories.

It is available for the following platforms:

  • Linux: Distributed as .deb and .rpm packages.

  • Windows: Distributed as an .exe executable.

For detailed information on container scanning using the Fortanix On-premises Scanner, refer to the following:

5.0 Containers Scanning Benefits

The container scanning process helps to:

  • Identify cryptographic assets embedded within container images, including keys, certificates, and cryptographic libraries.

  • Highlight cryptographic implementations that deviate from enterprise security policies, enabling corrective action before deployment.

  • Expose cryptographic materials or secrets that may be unintentionally packaged into images, reducing the risk of exposure in production environments.

  • Provide a centralized inventory of keys and cryptographic posture across all containerized workloads.

  • Support post-quantum cryptography (PQC) readiness as part of a holistic enterprise-wide crypto visibility strategy.