1.0 Introduction
This article describes the Venafi connection concepts and supported features in Fortanix Key Insight. Fortanix Key Insight integrates with Venafi to provide centralized visibility, governance, and lifecycle management for certificates managed by Venafi.
2.0 Concepts
The following table summarizes the Venafi connection concepts used in Fortanix Key Insight:
| CONCEPT | DESCRIPTION |
|---|---|
| Venafi Platform | Venafi is an enterprise platform for managing machine identities, including SSL/TLS certificates, keys, and secrets. It provides centralized visibility, policy enforcement, and lifecycle management for certificates across cloud, on-premises, and hybrid environments. Fortanix Key Insight integrates with Venafi to scan and analyze certificates managed by the Venafi platform. |
| Venafi Trust Protection Platform (TPP) | Venafi TPP is the core component of Venafi's Certificate Lifecycle Management (CLM) solution. It centrally manages certificate issuance, renewal, revocation, and policy enforcement. Fortanix Key Insight connects to Venafi TPP to discover and scan certificates for compliance and cryptographic posture. |
| Venafi Applications | Applications in Venafi represent logical groupings of certificates associated with a specific workload, service, or application. They define policies for certificate issuance, key size, algorithms, and validity periods. Fortanix Key Insight scans certificates across Venafi applications to assess compliance and cryptographic risk. |
| Certificates | Certificates are digital credentials used to authenticate machines, applications, and services using SSL/TLS. Venafi manages the full lifecycle of certificates, including discovery, issuance, renewal, and revocation. Fortanix Key Insight scans these certificates to identify expiration risks, weak algorithms, and non-compliant configurations. |
| Venafi Scan | The process of connecting to the Venafi platform to retrieve certificate inventory, metadata, and policy information for analysis in Fortanix Key Insight. |
| Venafi Sync | The process of synchronizing certificate metadata, cryptographic attributes, and compliance status from Venafi into Fortanix Key Insight so that Key Insight reflects the current state of certificates managed by Venafi. |
3.0 Supported Features
The Fortanix Key Insight Venafi connection supports the following features:
- Supports regional deployments for Venafi connections in the European Union (EU) and North America (NA), enabling region-specific data processing, reporting, and visualization. Users can switch between regions, and the user interface (UI) automatically updates to reflect the selected region. This helps organizations meet compliance, governance, and data sovereignty requirements.
- Allows users to scan all certificates within a Venafi environment.
- For every Venafi certificate in a region:
  - Provides a tabular view that shows the certificate details, with filtering capabilities to narrow results based on specific requirements.
  - Displays a map of the certificate compliance status.
  - Detects non-compliant certificates based on the applied policies, with vulnerability alerts generated in accordance with NIST standards.
  - Provides detailed certificate information such as certificate properties, owner(s), domain name, Subject Alternative Name (SAN), and associated policy violations.
- Allows users to export all scanned certificate data in comma-separated values (CSV) format and provides the ability to track export activities.
- Supports secure secret-based access for Venafi connections, enabling centralized identity management without exposing long-lived credentials.
- Allows users to create and manage user-defined policies; duplicate and modify system-defined policies, Fortanix DSM policies, or existing user-defined policies; and automatically retrieve cryptographic policies from Fortanix DSM and apply them to scanned connections.
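To make the policy-based compliance detection above concrete, here is an added example (not Fortanix or Venafi code) that evaluates synced certificate metadata against a policy and returns the violations per certificate. The record fields, the `Policy` object and the sample inventory are constructed for this illustration; the thresholds follow NIST SP 800-131A key-size and signature-hash guidance and the CA/Browser Forum 398-day validity limit, which are assumed here rather than taken from Key Insight's own policy schema.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed policy. Thresholds follow NIST SP 800-131A guidance (RSA >= 2048 bits,
# ECC >= 224 bits, SHA-1 no longer acceptable for signatures); the field names and
# the policy object itself are assumptions for this example, not Key Insight's schema.
@dataclass
class Policy:
    min_bits: dict = field(default_factory=lambda: {"RSA": 2048, "EC": 224})
    allowed_sig_hashes: frozenset = frozenset({"SHA256", "SHA384", "SHA512"})
    max_validity_days: int = 398  # CA/Browser Forum limit for TLS server certificates
    expiry_warn_days: int = 30

def check_certificate(cert: dict, policy: Policy, today: date) -> list:
    """Return the policy violations for one synced certificate record."""
    violations = []
    algo, bits = cert["key_algorithm"], cert["key_bits"]
    required = policy.min_bits.get(algo)
    if required is None:
        violations.append(f"key algorithm {algo} not allowed")
    elif bits < required:
        violations.append(f"{algo} key of {bits} bits below minimum {required}")
    if cert["signature_hash"] not in policy.allowed_sig_hashes:
        violations.append(f"signature hash {cert['signature_hash']} not allowed")
    validity = (cert["not_after"] - cert["not_before"]).days
    if validity > policy.max_validity_days:
        violations.append(f"validity of {validity} days exceeds {policy.max_validity_days}")
    days_left = (cert["not_after"] - today).days
    if days_left < 0:
        violations.append("certificate expired")
    elif days_left <= policy.expiry_warn_days:
        violations.append(f"expires in {days_left} days")
    return violations

def scan_inventory(certs: list, policy: Policy, today: date) -> dict:
    """Map each certificate's common name to its violations (empty list = compliant)."""
    return {c["common_name"]: check_certificate(c, policy, today) for c in certs}

# Constructed sample inventory standing in for records synced from Venafi.
TODAY = date(2024, 6, 1)
SAMPLE_CERTS = [
    {"common_name": "api.example.test", "key_algorithm": "RSA", "key_bits": 2048,
     "signature_hash": "SHA256", "not_before": date(2024, 1, 1), "not_after": date(2025, 1, 1)},
    {"common_name": "legacy.example.test", "key_algorithm": "RSA", "key_bits": 1024,
     "signature_hash": "SHA1", "not_before": date(2022, 1, 1), "not_after": date(2024, 6, 15)},
    {"common_name": "old.example.test", "key_algorithm": "EC", "key_bits": 256,
     "signature_hash": "SHA384", "not_before": date(2023, 1, 1), "not_after": date(2024, 5, 1)},
]
```

Running `scan_inventory(SAMPLE_CERTS, Policy(), TODAY)` reports the first certificate as compliant, flags the legacy one for key size, SHA-1 signature, excessive validity and imminent expiry, and flags the third as expired with excessive validity.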