---
title: "External Key Source Connection - User Interface Components"
slug: "fortanix-key-insight-user-interface-components-external-key-source"
updated: 2026-06-16T13:41:58Z
published: 2026-06-16T13:41:58Z
canonical: "support.fortanix.com/fortanix-key-insight-user-interface-components-external-key-source"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# External Key Source Connection - User Interface Components

## 1.0 Introduction

This article describes the user interface (UI) features of the external key source (Fortanix-Data-Security-Manager (DSM) SaaS or On-premises) connection on Fortanix Key Insight.

## 2.0 Terminology References

*For Fortanix Key Insight external key source connection concepts and supported features, refer to*[*External Key Source Connection Concepts*](/v1/docs/fortanix-key-insight-external-key-source-connection-concepts).

## 3.0 Overview

The External Key Source **Overview** page appears after adding a Fortanix DSM (SaaS or On-premises) connection.

The **Overview** page displays the keys and related correlation details of the external key source (Fortanix DSM SaaS or On-premises).

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_EKS Overview(4).png)

**Figure 1: Access external key source overview**

> [!NOTE]
> NOTE
> 
> - If your Fortanix Armor account is deactivated and you are accessing the Fortanix Key Insight external key source (Fortanix DSM) connection, you will not be able to view data on the **Overview, Keys,**or **PQC Central** pages. You will only have access to view and delete items within the **Connections**, **Policy Center,**and**Authentication** pages.
> - The **Overview** page will not display data if the Fortanix DSM (SaaS or On-premises) connection with Fortanix Key Insight is not established. In this scenario, you must edit the associated cloud or on-premises connection configuration and re-establish the connection.

The **Overview** page helps users get a summary of the Fortanix DSM SaaS or On-premises keys, as described in the following sections:

### 3.1 DSM Discovery

This section summarizes the discovered asset counts for a Fortanix DSM (SaaS or On-premises) connection.

It shows the count of:

- Fortanix DSM (SaaS or On-premises) keys imported from your DSM account during integration with Fortanix Key Insight.
- Fortanix DSM (SaaS or On-premises) keys successfully correlated within the Fortanix Key Insight platform and linked to a cloud (Azure, Amazon Web Services (AWS), or Google Cloud Platform (GCP)) or on-premises connection.

> [!NOTE]
> NOTE
> 
> When a new external key source (Fortanix DSM) is added, Fortanix Key Insight automatically triggers a scan to import externally backed keys from the Fortanix DSM (SaaS or on-premises) connection. To view the correlated keys count:
> 
> 1. Manually rescan the linked cloud or on-premises connection. The linked connection appears in the **Key Correlations by Connection** section of the **Overview** page.
> 2. After the scan is completed, click ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_EKS Refresh.png) on the **Overview** page to view the correlated keys count.
> 
> ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_EKS Manual Refresh(1).png)
> 
> **Figure 2: Perform refresh**

Clicking each label takes you to its list view.

### 3.2 Cryptography Bill of Materials (CBOM)

This section describes how to export cryptographic asset metadata from an external key source (Fortanix DSM) into a standardized CBOM JSON file. The exported CBOM format is useful for maintaining a cryptographic inventory, demonstrating regulatory compliance, and evaluating post-quantum cryptography (PQC) readiness.

To export the CBOM data, click **EXPORT**. The file named `bom_report_&lt;DSM_scan_id&gt;.json` will be downloaded to your local machine, where `DSM_scan_id` is the unique identifier generated for each Fortanix DSM connection scan.

For example,

[](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/bom_report_a2848bb0-575c-11f0-9da0-a50265115b09.json)bom_report_a2848bb0-575c-11f0-9da0-a50265115b095.66 KB[**](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/bom_report_a2848bb0-575c-11f0-9da0-a50265115b09.json)

The exported file adheres to the **CycloneDX** specification and includes the following components:

- `bomFormat`: Specifies the format of the bill of materials. For CBOM, this value is set to `CycloneDX`.
- `specVersion`: Indicates the version of the CycloneDX specification being used.
- `version`: Denotes the version of this specific CBOM file.
- `components`: Lists cryptographic components such as DSM keys. Each entry includes details such as type, name, algorithm, associated services, and other relevant information.
- `services`: Returns an empty list as Fortanix DSM connections do not support services.
- `dependencies`: Returns an empty list, since Fortanix DSM connections do not support services, and therefore no dependencies are defined.

> [!NOTE]
> NOTE
> 
> If your Fortanix DSM SaaS or On-premises connection was last scanned before the Fortanix Key Insight 25.07 release and has not been rescanned since, you must perform a **Rescan** to ensure the correct export of CBOM data.
> 
> *For more information on how to perform a rescan, refer to*[*Section 3.6: Rescan an External Key Source Connection*](/v1/docs/fortanix-key-insight-user-interface-components-external-key-source#36-rescan-an-external-key-source-connection)*.*

### 3.3 Keys by Status

This section provides a summary of Fortanix DSM keys categorized by their status:

- **Keys without expiry**: These are keys that have been created in Fortanix DSM (SaaS or On-premises) without an expiry date set. As a result, these keys remain valid indefinitely unless manually revoked.
- **Non-compliant keys**: These keys do not meet the cryptographic policy standards as outlined in the Fortanix DSM account-level cryptographic policy. These keys may require attention to ensure compliance with security best practices and regulatory requirements.

*For more information on the Fortanix DSM account-level cryptographic policy, refer to*[*Account Cryptographic Policy*](/v1/docs/fortanix-dsm-account-cryptographic-policy)*.*

> [!NOTE]
> NOTE
> 
> - If no account-level cryptographic policy is configured on the Fortanix DSM, all keys will be shown as compliant, and the count of non-compliant keys will be zero.
> - Since Fortanix DSM On-premises users cannot import cryptographic policies into Fortanix Key Insight, scan results for the external key source (Fortanix DSM On-premises) will always appear compliant, and the count of non-compliant keys will always be 0.

Click the **Keys by Status** label to go to the list view of the keys.

### 3.4 Keys by Type

This section displays a count of key specifications imported from your Fortanix DSM account.

Click the “key type” label to go to the tabular view of the key specification.

### 3.5 Key Correlations by Connection

This section provides an overview of the association between the external key source connection and the Fortanix Key Insight cloud or on-premises connections. It summarizes how the keys are linked across the cloud or on-premises environment.

> [!NOTE]
> NOTE
> 
> If no correlated key data is available, recheck the linked connections and rescan.

- Click the **Key Correlation by Connection Type** label to navigate to the **Keys**page.
- Click the connection to access its corresponding keys list view.

### 3.6 Rescan an External Key Source Connection

Click **RESCAN** on the top right corner of the **Overview** or **Assessment** page to perform a rescan and verify if any keys have been added, deleted, or updated in the Fortanix DSM SaaS or On-premises connection.

If you click **RESCAN**and****start the scan, you can monitor the progress bar while the scan is running. After the scan is completed successfully,

- The**Last scanned** label will be updated with the completion date and time.
- The **Overview**page will reflect the new state of the external key source keys.

> [!NOTE]
> NOTE
> 
> - The **RESCAN** option is accessible only to users with the **Account Administrator** and **Group Administrator** roles.
> - The **RESCAN** option is available only when the external key source connection status is 'Connected**'.**

## 4.0 Keys

After onboarding an external key source, click **Keys** in the Fortanix Key Insight left navigation panel.

Clicking **Keys** will take you to the **Keys** page that shows a map of all the Fortanix DSM SaaS or On-premises keys.

> [!NOTE]
> NOTE
> 
> - Key Check Value (KCV) is a cryptographic checksum or hash value derived from a Fortanix DSM cryptographic key.
> - Click **+ more** on the **Key Operations Permitted** column to view all supported key operations. *For more information on each key operation, refer to*[*Key Operations*](/v1/docs/fortanix-dsm-key-operations)*.*

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764328064862.png)

**Figure 3: Keys list view**

- Use the **Search** field to filter keys based on the available criteria and supported values.

For example:
  - Key Name
  - Key Size
  - Enabled: Enabled, Not Enabled
- Click ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/gcp-connection---user-interface-components-image-oikbq2v5.png) in the top-right corner of the table to customize which columns are displayed, beyond the default six.
- Click**EXPORT** to export the scanned keys data. *For more information, refer to*[*Section 5.0: Export Scanned Data*](/v1/docs/fortanix-key-insight-user-interface-components-external-key-source#50-export-scanned-data)*.*

### 4.1 Add Key Details

You can assign owners to the scanned keys to enhance key management, simplify tracking, and improve remediation workflows.

Perform the following steps to add the key(s) details:

1. Select the check box (![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image(133)(1).png)) next to the required key(s) in the list.
2. Click **ADD DETAILS** in the top right corner of the table.

> [!NOTE]
> NOTE
> 
> If your Fortanix DSM SaaS or On-premises connection was last scanned before the Fortanix Key Insight 25.03 release and a new scan was not performed, clicking the **ADD DETAILS** option will show a **Rescan Required to Add Details** dialog box. To ensure your key details are correctly added, you must rescan the connection and then add the key details.
> 
> *For more information on how to perform a rescan, refer to*[*Section 3.6: Rescan an External Key Source Connection*](/v1/docs/fortanix-key-insight-user-interface-components-external-key-source#36-rescan-an-external-key-source-connection)*.*
3. In the **Add Details** dialog box:

> [!NOTE]
> NOTE
> 
> To add ownership details, specifying a primary owner is mandatory before adding a secondary owner.
  1. **Primary owner**: Enter the primary owner’s name or employee ID.
  2. **Email ID**: Enter the primary owner’s valid email ID.
  3. Click **ADD SECONDARY OWNER** to add the secondary owner’s details, if required.
  4. **Description (Optional)**: Enter a description.
  5. Click **ADD** to add the ownership details to the selected key(s).

On the **Keys** page, the primary and secondary owners’ names or employee IDs and email addresses will appear in the **OWNERS** column, and the description will appear in the **USAGE** **DESCRIPTION** column.

> [!NOTE]
> NOTE
> 
> Only users with **Account Administrator** permissions can add or edit key details.

### 4.5 Edit Key Details

You can modify the details of the selected key(s).

Perform the following steps to edit the key(s) details:

1. Select the check box (![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image(133)(1).png)) next to the required key(s) in the list.
2. Click **EDIT DETAILS** in the top right corner.
3. In the **Edit Details** dialog box, update the required values.
4. Click **UPDATE** to apply the changes.

### 4.6 View Key Details

Click the security object name of any key in the **Keys** list to view its properties, supported operations, HSM/Cloud KMS configurations, and automatic key rotation policy details.

- The**KEY DETAILS** tab displays key properties, key operations, ownership details (if already provided), HSM/Cloud KMS Configurations details, and automatic key rotation policy details.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_EKS Key Details(8).png)

**Figure 4: View key properties**

Click **VIEW IN DSM** to view the key details in your Fortanix DSM account. You will be redirected to the **View security object**page in the Fortanix DSM UI, where you can access detailed information about the key. *For more information, refer to*[*Key Management Service*](/v1/docs/fortanix-dsm-key-management-service)*.*

- The **ATTRIBUTES** tab displays any custom attributes associated with the key. These are user-defined metadata elements that can be added to a key. *For more information, refer to*[*Key Lifecycle Management*](/v1/docs/fortanix-data-security-manager-key-lifecycle-management#27-key-attributestags).

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_EKS Key Attributes(1).png)

**Figure 5: View an EKS key attributes**

## 5.0 Export Scanned Data

This feature allows you to export the external key source-scanned key data from Fortanix Key Insight in **Comma-Separated Values (CSV)** format. Also, it provides flexibility, enabling you to download data for detailed analysis, audits, or reporting, and to access real-time status.

In the external key source **Keys** list view, click **EXPORT** to export the scanned data using any of the available options:

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764328488731.png)

**Figure 6: Access export feature**

- **Export current page**: Use this option to export all column data from the current page in CSV format.

> [!NOTE]
> NOTE
> 
> You can download a maximum of 100 items at a time, based on the settings specified in the **Items per page** drop down.
- **Export all raw data:**Use this option****to export all scanned data shown in the key tables in CSV format. If you select this option, you can read the details on the **Export All Raw Data** dialog box and click **PROCEED** to export all the data.

After the export process begins, you can track its progress, and the export status will be logged with a message on the **Activities** tab in Fortanix Key Insight. *For more information, refer to*[*Section 5.1: View Export Activities*](/v1/docs/fortanix-key-insight-user-interface-components-external-key-source#51-view-export-activities)*.*
- **Export selected rows:**This option is disabled by default.****You can select the check box (![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image(133)(2).png)) next to the required rows on the current page and export them in CSV format using this option.

> [!NOTE]
> NOTE
> 
> - Users with the **Account Administrator** and **Group Administrator** roles can only perform the scanned data export.
> - Within a single account, multiple exports can run concurrently across different connections (cloud, on-premises, external key sources, and vendor applications).

### 5.1 View Export Activities

After you initiate the export process using **Export All Raw Data**, you can track the export status in the **Activities**tab located in the left navigation panel of Fortanix Key Insight.

The following details are available for each export activity:

- Name of the activity. For example, the activity would be named **Export_all_keys** if you had exported all the external key source keys.
- Name of the file. For example, **DSM Keys.csv**.
- Activity status provides the current status of the data export.

This can be any of the following:
  - **Completed**: The data export has been completed, and the CSV file will automatically download to the location specified on your local machine.
  - **In Progress**: The data export is in progress, and you can cancel it using ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image(126).png) if required.
  - **Cancelled**: The data export has been cancelled due to switching accounts or manually cancelling it while it was in progress.
  - **Failed**: The data export was not completed and failed due to errors.
- Name of the connection
- Export creation date and time

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_EKS Activities(1).png)

**Figure 7: Access export activities**

> [!NOTE]
> NOTE
> 
> - If you switch to a different account during export, the export will be canceled and logged in the **Activities** tab.
> - If you navigate to a different solution (for example, Identity and Access Management), the export will continue, but no logs will appear in the **Activities** tab. The export status will be confirmed using a toast message.
> - If you refresh the web page during the export, the confirmation dialog box will appear. If you refresh, the export will be canceled, and all entries in the **Activities** tab will be removed. Therefore, it is recommended not to refresh the page during the export.

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.

Fortanix Key Insight identifies encryption keys and data services across on-premises and hybrid multicloud environments, providing a unified dashboard for tracking key mappings and cryptographic security. It offers security and compliance teams data-driven insights to assess risks, align with best practices, and meet industry regulations. Iy also supports continuous risk mitigation and crypto-agility, adapting to evolving security needs, including preparation for the post-quantum era.