Fortanix Key Insight User Interface Components - External Key Source

1.0 Introduction

This article describes the user interface (UI) features of the external key source (Fortanix-Data-Security-Manager (DSM) SaaS) connection on Fortanix Key Insight.

2.0 Terminology References

For Fortanix Key Insight - external key source terminologies, refer to the Fortanix Key Insight - Concepts Guide.

3.0 External Key Source Overview

Users can access the external key source Overview page after adding an external key source connection, that is, Fortanix DSM SaaS on Fortanix Key Insight.

The Overview page summarizes the external key source (Fortanix DSM SaaS) keys and the related correlation details.

Figure 1: Access External Key Source Overview

For more details on how to onboard the external key source, refer to the Fortanix Key Insight – Getting Started with Cloud Connection.

NOTE

  • You can click any numerical value on the Overview page to view the list of corresponding external key source keys, filtered accordingly.

  • The Overview page will not display data if the Fortanix DSM (SaaS) connection with Fortanix Key Insight is not established. In this scenario, you must edit the associated cloud connection configuration and use the generated certificate to re-establish the connection.

    For more details on establishing the connection, refer to the Fortanix Key Insight – Cloud Connection Getting Started Guide.

The Overview page helps users get a summary of the Fortanix DSM SaaS keys, as described in the following sections:

3.1 DSM Discovery

This section summarizes the Fortanix DSM SaaS keys discovered during the scan.

Figure 2: Cloud Discovery Accounts

It includes the following information:

  • The count of Fortanix DSM (SaaS) keys imported from your DSM account as part of the integration with Fortanix Key Insight.

  • The count of Fortanix DSM (SaaS) keys successfully correlated within the Fortanix Key Insight platform and linked to cloud connections such as Azure or AWS.

Clicking each label takes you to its list view.

NOTE

When a new external key source is added, a scan is automatically triggered to import externally backed keys from Fortanix DSM (SaaS) that are linked to multiple cloud connections in Fortanix Key Insight.

To view the correlated keys:

  1. You must manually rescan the associated parent or linked cloud connection(s) (AWS or Azure).

  2. After all scans are completed, manually refresh the Overview page of the created DSM connection.

Figure 3: Perform Manual Refresh

3.2 Keys by Status

This section provides a detailed summary of the imported external key source (Fortanix DSM SaaS) keys following a successful scan. It includes a breakdown of the keys that are without expiry and those that are non-compliant:

  • Keys without expiry: These are keys that have been created in Fortanix DSM SaaS without an expiry date set. As a result, these keys remain valid indefinitely unless manually revoked.

  • Non-compliant keys: These keys do not meet the National Institute of Standards and Technology (NIST) standards as outlined in the Fortanix DSM account-level cryptographic policy. These keys may require attention to ensure compliance with security best practices and regulatory requirements.

    For more details on the Fortanix DSM account-level cryptographic policy, refer to the User's Guide: Account Cryptographic Policy.

    NOTE

    If no account-level cryptographic policy is configured on the Fortanix DSM, all keys will be shown as compliant, and the count of non-compliant keys will be zero.

Click the Keys by Status label to go to the list view of the keys.

Figure 4: Key By Status

3.3 Keys by Type

This section provides a detailed count of the key specifications imported from your Fortanix DSM account.

Figure 5: Key Types

You can also click the “key type” label to go to the tabular view of the key specification.

3.4 Key Correlations by Connection

This section provides an overview of the association between the external key source connection and the Fortanix Key Insight cloud connections (AWS and Azure). It summarizes how the keys are linked across the cloud environment.

NOTE

If no correlated key data is available, recheck the linked connections and rescan.

Figure 6: Key By Status

  • Click the Key Correlation by Connection Type label to navigate to the Keys page.

  • Click the cloud connection (AWS or Azure) to access its corresponding keys list view.

3.5 Rescan an External Key Source Connection

Click RESCAN on the Overview page to perform a rescan and verify if any keys have been added, deleted, or updated in the Fortanix DSM SaaS connection.

NOTE

The RESCAN option is accessible only to users with the Account Administrator and Group Administrator roles.

Figure 7: Scan Again

After you click RESCAN and the scan starts, you can monitor the progress bar while the scan is running. After the scan is completed successfully:

  • The Last scanned label will be updated with the date and time of the completion.

  • The Overview page will reflect the new state of the external key source keys.

4.0 Keys

After onboarding an external key source, click the Keys menu in the Fortanix Key Insight left navigation bar.

Clicking the Keys menu will take you to the Keys page that shows a map of all the Fortanix DSM SaaS keys with the following details:

  • Security object name

  • Current key status

  • Key Check Value (KCV): It is a cryptographic checksum or hash value derived from a Fortanix DSM cryptographic key.

  • Key operations supported. For more details, refer to the Key Operations.

  • The group associated with the key

  • Key creation date

  • Key type, size, and curve

  • Key source

  • Key description

  • Owners

  • Usage description

  • Expiry date

NOTE

You can view up to six columns on the Keys list view. For more details on how to configure the column display, refer to Section 4.3: Customize Keys List Columns Display.

Figure 8: Keys List View

4.1 Filter Keys

In the list view, you can filter the keys using the Search field with the following criteria and available values:

  • Key Name

  • Key Size

  • Key State: Pre Active, Deactivated, Active, Compromised, Destroyed, Deleted, Not Available

  • Key Group

  • Key Type: AES, ARIA, DES, DES3, SEED, RSA, DSA, EC, KCDSA, EC-KCDSA, BIP32, BLS, Opaque, HMAC, Secret, LMS, ML-DSA, ML-KEM, Certificate, PBE, Other

  • Elliptic Curve

  • Enabled: Enabled, Not Enabled

  • Key Correlation: Yes, No

  • Owner

  • Key Description

  • Usage Description

    NOTE

    Please wait up to 15 minutes after adding or updating the ownership information before filtering the keys by Owner or Usage Description.

  • Compliance: Compliant keys, Non-Compliant keys

  • Vulnerability: Keys without expiry

You can use a combination of the above filter options to display the keys with specific results.

Figure 9: Key Filter in the List View

4.2 Export Keys Data

For more details, refer to Section 5.0: Scanned Data Export.

4.3 Customize Keys List Columns Display

To modify the Keys table column display in the list view:

  1. Click .

  2. On the Customize Columns dialog box, select a maximum of six columns that you want to display in the table.

  3. Click APPLY to view only the selected columns on the table.

  4. Click RESET TO DEFAULT to display the default columns if required.

4.4 Add Key Details

After an external key source connection (Fortanix DSM SaaS) is onboarded to Fortanix Key Insight, you can assign owners to the scanned keys to enhance key management, simplify tracking, and improve remediation workflows.

To add the key(s) details:

  1. Select key(s) in the list.

  2. Click ADD DETAILS on the top right corner.

    NOTE

    If your Fortanix DSM SaaS connection was last scanned before the KI 25.03 release and a new scan was not performed, clicking the ADD DETAILS option will show a Rescan Required to Add Details dialog box. To ensure your key details are correctly added, you must rescan the connection and then add the key details.

    For more details on how to perform a rescan, refer to Section 3.5: Rescan an External Key Source Connection.

  3. On the Add Details dialog box, enter the following details:

    1. Primary owner: Enter the primary owner’s name or employee ID.

    2. Email ID: Enter the primary owner’s valid email ID.

    3. Click ADD SECONDARY OWNER to add the secondary owner’s details, if required.

    4. Description (Optional): Enter an optional description.

    5. Click ADD to add the ownership details to the selected key(s).

    NOTE

    To add ownership details, specifying a primary owner is mandatory before adding a secondary owner.

    On the Keys page, the primary and secondary owners’ name or employee ID and email address will appear in the OWNERS column, and the description will appear in the USAGE DESCRIPTION column.

Figure 10: Add Key Details

NOTE

Only users with Account Administrator permissions can add or edit key details.

4.5 Edit Key Details

You can modify the details of the selected key(s).

To edit the key(s) details:

  1. Select key(s) in the list.

  2. Click EDIT DETAILS on the top right corner.

  3. On the Edit Details dialog box:

    1. Update the primary owner’s name or employee ID and email ID.

    2. Update the secondary owner’s name or employee ID and email ID.

    3. Update the description if required.

    4. Click UPDATE to save the details to the selected key(s).

4.6 View Key Details

Click on any key in the Keys list to view its corresponding details in your Fortanix DSM SaaS account. After selecting a key, you will be redirected to the Fortanix DSM security object details page in the Fortanix DSM SaaS user interface (UI), where you can access the key's information.

For more details, refer to the Key Management Service.

Figure 11: Access Key Details View

5.0 Scanned Data Export

This feature allows you to export the key data scanned from the external key source in Fortanix Key Insight in Comma-Separated Values (CSV) format. It lets you download the data for detailed analysis, audits, or reporting and to access real-time status.

In the external key source Keys list view, you can click EXPORT to export the scanned data using any of the available options:

Figure 12: Access Export Feature

  • Export current page: Use this option to export all column data from the current page in CSV format.

    NOTE

    You can download a maximum of 100 items at a time, based on the settings specified in the Items per page drop down menu.

  • Export all raw data: Use this option to export all scanned data shown in the key tables in CSV format. If you select this option, you can read the details on the Export All Raw Data dialog box and click PROCEED to export all the data.

    After the export process begins, you can track its progress, and the export status will be logged with a message under the Activities tab in Fortanix Key Insight. For more details, refer to Section 5.1: Manage Export Activities.

  • Export selected rows: This option is disabled by default. You can select the required rows on the current page and then use this option to export them in CSV format.

NOTE

  • Only users with the Account Administrator and Group Administrator roles can perform the scanned data export.

  • Within the same account, you can have multiple exports running simultaneously from different cloud, on-premises, and external key source connections.
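
The following added example (not part of the Fortanix documentation or product) shows one way to triage an exported key list offline for the "keys without expiry" condition from Section 3.2 and for keys that still lack an owner from Section 4.4. The column headers, the sample rows, and the choice of which key states count as retired are assumptions; match them to the header row of your own export.

```python
import csv
import io
from collections import Counter

# Column headers are assumptions modelled on the Keys list view fields;
# adjust them to match the header row of your actual export.
COL_NAME, COL_STATE, COL_OWNERS, COL_EXPIRY = (
    "Name", "Key State", "Owners", "Expiry Date")

# Constructed sample standing in for an exported Keys.csv (not real data).
SAMPLE_CSV = """Name,Key State,Key Type,Key Size,Owners,Expiry Date
payments-kek,Active,AES,256,alice@example.com,2026-01-31
legacy-signing,Active,RSA,1024,,
archive-wrap,Deactivated,AES,256,,
tenant-hmac,Active,HMAC,256,bob@example.com,
"""

# Key State values treated as retired here (an assumption for this triage);
# keys in these states are counted but not reported.
RETIRED_STATES = {"Deactivated", "Compromised", "Destroyed", "Deleted"}


def triage(csv_text):
    """Return per-key findings and summary counts for an exported key list."""
    findings, counts = [], Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        state = (row.get(COL_STATE) or "").strip()
        if state in RETIRED_STATES:
            counts["skipped_retired"] += 1
            continue
        issues = []
        if not (row.get(COL_EXPIRY) or "").strip():
            issues.append("no expiry")
        if not (row.get(COL_OWNERS) or "").strip():
            issues.append("no owner")
        for issue in issues:
            counts[issue] += 1
        if issues:
            findings.append((row.get(COL_NAME) or "?", issues))
    # Keys with the most open issues first, then by name for stable output.
    findings.sort(key=lambda f: (-len(f[1]), f[0]))
    return findings, dict(counts)


if __name__ == "__main__":
    for name, issues in triage(SAMPLE_CSV)[0]:
        print(f"{name}: {', '.join(issues)}")
```
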

5.1 Manage Export Activities

After you initiate the export process using Export all raw data, you can monitor the export status on the Activities tab. You can see the following details for each export:

  • Name of the activity. For example, the activity would be named Export_all_keys if you had exported all the external key source keys.

  • Name of the file. For example, Keys.csv.

  • Activity status: The current status of the data export. This can be:

    • Completed: The data export has been completed, and the CSV file will automatically download to the location specified on your local machine.

    • In Progress: The data export is in progress, and you can cancel it using  if required.

    • Cancelled: The data export has been cancelled due to switching accounts or manually cancelling it while it was in progress.

    • Failed: The data export was not completed and failed due to errors.

  • Name of the connection

  • Export creation date and time

Figure 13: Access Export Activities

NOTE

  • If you switch to a different account during export, the export will be canceled and logged in the Activities tab.

  • If you navigate to a different solution (for example, Identity and Access Management), the export will continue, but no logs will appear in the Activities tab. The export status will be confirmed using a toast message.

  • If you refresh the web page during the export, the confirmation dialog box will appear. If you refresh, the export will be canceled, and all entries in the Activities tab will be removed. Therefore, it is recommended not to refresh the page during the export.