If the Overview page for databases does not display any data, configure the on-premises scanner. For more information, refer to On-premises Scanner Configuration.
In the database UI, the order of tabs depends on the availability of resources in each tab (DATABASES, SOURCE CODE, and FILE SYSTEMS). You will always see results in the first tab that has scanned data available. If no data is present at connection level, the default order is FILE SYSTEMS > DATABASES > SOURCE CODE.
If your Fortanix Armor account is deactivated and you are accessing the Fortanix Key Insight On-premises connection for databases, you will not be able to view data under the Overview, Assessments, Keys, Resources, or PQC Central pages. You will only have access to view and delete items within the Connections, Policy Center, and Authentication pages.
If you added any external key source (Fortanix DSM SaaS or On-premises) during the Fortanix Key Insight On-premises connection onboarding, the Overview page for databases displays the total key count, reflecting the correlated keys after a successful scan.
Click ASSESSMENT REPORT to navigate to the Assessment page and view the assessment report. This report allows you to assess your key security posture to ensure the safety of your data. For more information, refer to Section 4.0: Assessments.
The Overview page is described in the following sections:
3.1 Discovered On-premises Resources
This section provides the count of scanned on-premises infrastructures, including databases, file systems, and source code repositories.
It also displays the count of the following in the scanned on-premises infrastructures:
Cryptographic assets
Keys
Certificates
Resources
NOTE
The total number of keys displayed in the Discovered On-premises Resources section is only the count of the “Current” key versions in the on-premises infrastructures.
Clicking the Cryptographic Assets, Keys, Certificates, and Resources labels navigates you to their list view.
3.2 Cryptography Bill of Materials (CBOM)
This section describes how to export cryptographic asset metadata from an on-premises infrastructure into a standardized CBOM JSON file. The exported CBOM format is useful for maintaining a cryptographic inventory, demonstrating regulatory compliance, and evaluating post-quantum cryptography (PQC) readiness.
To export the CBOM data, click EXPORT. The file named bom_report_<on-premises_scan_id>.json will be downloaded to your local machine, where on-premises_scan_id is a unique identifier generated for each on-premises connection scan.
For example, bom_report_e174504c-92d2-11f0-966a-7376cbf4905b (142.25 KB).
The exported file adheres to the CycloneDX specification, including the following components:
bomFormat: Specifies the bill of materials format. For CBOM, this value is set to CycloneDX.
specVersion: Indicates the version of the CycloneDX specification being used.
version: Denotes the version of this specific CBOM file.
components: Lists cryptographic components such as on-premises keys. Each entry includes details such as type, name, algorithm, associated services, and other relevant information.
services: Describes the on-premises resources that interact with the listed cryptographic components. Each service includes details such as its name and unique ID.
dependencies: Defines the relationships between keys and resources, representing how cryptographic elements are interconnected or used together.
NOTE
If your on-premises connection was last scanned before the Fortanix Key Insight 25.07 release and has not been rescanned since, you must perform a Rescan to ensure the correct export of CBOM data.
This section provides a summary of the scanned database assets, including cryptographic keys and associated servers, along with their counts.
Click each category to view the detailed list of the corresponding keys and databases.
3.4 Keys by Spec
This section displays the total number of keys discovered in on-premises databases, along with a breakdown by individual key specifications.
Click on each key type to view the detailed list of corresponding keys.
3.5 Keys by Sources
This section displays the distribution of keys generated from various sources.
NOTE
If you added an external key source (Fortanix DSM SaaS or On-premises) during the On-premises connection onboarding, the Fortanix key source label will be displayed. This indicates that the keys are now linked to Fortanix DSM (SaaS or On-premises).
Click each key to go to its list view, which includes information such as key ID, key name, key insight, key rotation, host, and so on.
3.6 Keys by Status
This section lists the total number of active and expired keys in the databases. Click each item to access the list of the respective keys.
3.7 Top Database Types by Assets
This section displays the top five on-premises databases with the total number of keys discovered in each, along with the overall key count. Cells highlighted in pink indicate discovered keys.
Click VIEW ALL to see the complete list of databases and their discovered keys.
Click a key count to view the detailed list of corresponding keys within that database.
3.8 Scanned Databases
This section displays the encryption status of the scanned database resources, showing which ones are encrypted and which are not.
The red color cell indicates the Unencrypted resources.
The orange color cell indicates the Partially encrypted resources.
The black color indicates the resources whose encryption status is unknown.
The green color cell indicates the Fully Encrypted resources.
Clicking each item will take you to its corresponding list view.
4.0 Assessments
You can access the Fortanix Key Insight Assessment page for databases after the scan is performed, and on-premises keys and resources have been added.
The Assessment page shows:
How good or bad the key security posture is for the Fortanix On-premises Scanner.
Violations that must be remediated to improve the security status.
Remediation advice to improve the security status.
Figure 2: On-premises databases assessment report
NOTE
If you added any external key source (Fortanix DSM SaaS or On-premises) during the Fortanix Key Insight On-premises connection onboarding, the Assessment page will display the total key count, reflecting the correlated keys after a successful scan.
4.1 Risk Score
This section provides the overall risk score of the on-premises keys and resources for databases.
High – A high score indicates the total number of non-compliant keys and partially encrypted keys in use.
Critical – A critical risk score indicates the total number of unencrypted databases detected that need attention.
The overall risk score is prioritized based on the number of risks, in order of severity from highest to lowest:
Critical
High
Medium
Good
Click each risk label or risk count to access its corresponding list view.
4.2 Resource Violations
This section provides insights into resource violations across your on-premises database infrastructure.
You can view the total number of database violations along with the breakdown of the total number of violations discovered across individual databases. This data helps identify which resources are at risk, enabling you to implement unique, compliant, and encrypted cryptographic assets for enhanced security.
Additionally,
You can view risk levels for each database, which are color-coded for easy identification.
Select VIEW ALL to navigate to the Resources page and explore individual violations for each database.
Click any database to view a detailed list of the top 10 violations associated with it, sorted by severity. Click each violation type to navigate to the corresponding list view.
Click BACK to return to the resource violations card view.
4.3 Top Security Issues
This section provides the following information:
Unencrypted DBs: Displays the number of databases that do not have encryption applied to their stored data. Encryption is a critical security measure used to protect sensitive information by converting it into a secure format that is unreadable without the appropriate decryption key.
Non-HSM managed keys: Non-HSM (Non-Hardware Security Module) managed keys refer to cryptographic keys that are handled, stored, and managed by software rather than specialized hardware devices designed for key management and security. This section displays the total number of keys in the on-premises scanner that are not managed by hardware.
Non-compliant keys: Displays the total number of keys that do not meet the established industry standards and compliance frameworks. It highlights keys that do not adhere to the required security practices and guidelines set forth by regulatory bodies and industry best practices. By identifying these non-compliant keys, this section helps identify the areas where key management practices need improvement to ensure that they align with the necessary security and compliance requirements.
Any key that utilizes the following algorithm and key size combinations is considered Non-Compliant in Fortanix Key Insight, according to the National Institute of Standards and Technology (NIST) 800-57 standard:
AES: Any key size less than 128 bits.
3DES: Keys with sizes 112 bits and 168 bits.
DES: Keys with size 56 bits.
RSA: Keys with a size less than 2048 bits.
DSA: Keys with a size less than 2048 bits.
ECC: Keys with a size less than 224 bits.
HMAC: Keys with a size less than 112 bits.
The non-compliant keys increase the data security risk. They will be flagged as vulnerabilities on the Keys page.
Fortanix Key Insight recommends using stronger key algorithms and ensuring that the key strength aligns with your defined policies and NIST standards.
PQC readiness: Indicates the percentage of your cryptographic assets that are currently quantum-safe, reflecting your database environment's preparedness for post-quantum cryptography (PQC). This percentage represents the portion of assets using PQC-compliant algorithms or configurations. Clicking the percentage value takes you to the PQC Central page, where you can view detailed data related to the corresponding on-premises connection and assess the readiness of individual assets.
Click each top security issue to access its corresponding list view.
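The following added example (not Fortanix code) applies the non-compliant algorithm and key size list above to a CBOM file of the kind described in Section 3.2, and uses the dependencies entries to name the services that use each flagged key. It assumes the CycloneDX 1.6 cryptoProperties layout (key size under relatedCryptoMaterialProperties, algorithm resolved through algorithmRef); the sample document, the helper _asset, and the function assess_cbom are constructed for illustration, and a real export may use different fields.

```python
import json

# Non-compliant algorithm / key-size (bits) combinations exactly as listed on this page.
NON_COMPLIANT = {
    "AES": lambda b: b < 128, "3DES": lambda b: b in (112, 168),
    "DES": lambda b: b == 56, "RSA": lambda b: b < 2048,
    "DSA": lambda b: b < 2048, "ECC": lambda b: b < 224,
    "HMAC": lambda b: b < 112,
}

def _asset(ref, name, asset_type, **material):
    # ASSUMPTION: CycloneDX 1.6 cryptoProperties layout; a real export may differ.
    crypto = {"assetType": asset_type}
    if material:
        crypto["relatedCryptoMaterialProperties"] = material
    return {"type": "cryptographic-asset", "bom-ref": ref, "name": name,
            "cryptoProperties": crypto}

KEY = "related-crypto-material"
# Constructed sample document, not a real Key Insight export.
SAMPLE_CBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
    "components": [_asset("alg-" + a.lower(), a, "algorithm") for a in ("AES", "RSA", "3DES")] + [
        _asset("key-1", "tde-master", KEY, algorithmRef="alg-aes", size=256),
        _asset("key-2", "legacy-signing", KEY, algorithmRef="alg-rsa", size=1024),
        _asset("key-3", "backup-wrap", KEY, algorithmRef="alg-3des", size=168),
        _asset("key-4", "size-missing", KEY, algorithmRef="alg-rsa"),
    ],
    "services": [{"bom-ref": "svc-ora", "name": "oracle-prod"},
                 {"bom-ref": "svc-mssql", "name": "mssql-hr"}],
    "dependencies": [{"ref": "svc-ora", "dependsOn": ["key-1", "key-2"]},
                     {"ref": "key-3", "dependsOn": ["svc-mssql"]}],
})

def assess_cbom(cbom_text):
    """Return (findings, unassessed) for the key components of a CBOM document."""
    bom = json.loads(cbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    by_ref = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    services = {s["bom-ref"]: s.get("name", s["bom-ref"])
                for s in bom.get("services", []) if "bom-ref" in s}
    linked = {}  # undirected edges, so either dependency direction links key and service
    for dep in bom.get("dependencies", []):
        for other in dep.get("dependsOn", []):
            linked.setdefault(dep["ref"], set()).add(other)
            linked.setdefault(other, set()).add(dep["ref"])
    findings, unassessed = [], []
    for ref, comp in by_ref.items():
        mat = comp.get("cryptoProperties", {}).get("relatedCryptoMaterialProperties")
        if mat is None:
            continue  # algorithm entries and other non-key components
        alg = by_ref.get(mat.get("algorithmRef"), {}).get("name", "").upper()
        size, rule = mat.get("size"), NON_COMPLIANT.get(alg)
        if rule is None or not isinstance(size, int):
            unassessed.append(comp.get("name", ref))  # cannot judge; never assume compliant
        elif rule(size):
            used_by = sorted(services[r] for r in linked.get(ref, ()) if r in services)
            findings.append((comp.get("name", ref), alg, size, used_by))
    return findings, unassessed
```

Keys whose algorithm or size cannot be read are returned separately in unassessed so that missing metadata is reviewed rather than counted as compliant.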
4.4 Download Assessment Report
Click DOWNLOAD REPORT on the top-right corner of the Assessment page to view the Data Security Assessment Report for the on-premises infrastructures, such as databases, source code, and file systems, in PDF format. The report will open in the Print dialog box, where you can select to print it or save it locally to your machine as needed.
5.0 Rescan an On-premises Connection
Click RESCAN on the top-right corner of the Overview page to perform a rescan and verify if any keys have been added, deleted, or updated in the Fortanix On-premises Scanner.
If you click RESCAN and start the scan, you can monitor its progress in the progress bar. After the scan is completed successfully,
The Last scanned label will be updated with the date and time of completion.
The Overview page will reflect the new state of the on-premises keys and resources.
NOTE
The RESCAN option is accessible only to users with the Account Administrator and Group Administrator roles.
The RESCAN option is available only when the on-premises connection status is Connected.
You can also click RESCAN on the top-right corner of the Assessment page to perform the rescan. After the scan is completed, the Assessment page will reflect the new state of the on-premises resources.
6.0 Keys
After the on-premises connection is onboarded, click Keys on the Fortanix Key Insight left navigation panel to access the Keys page, where you can view all the scanned keys for on-premises databases.
Figure 3: Access Keys page
The key list displays the following information:
For every database, the table displays the key ID, key source, key name, infrastructure (Databases or File systems), violations, key category, owners, usage description, version, key insight, hostname, key spec, key creation date, rotation date, expiration date, database (DB) type, and key status.
Click the VIOLATIONS count or icon to access the associated violations.
Click () in the top-right corner of the table to customize which columns are displayed, beyond the default six.
Use the Search field to filter keys based on the available criteria and supported values:
For example,
Key Identifier
Hostname
Infrastructure: Databases, File systems
6.1 Add Key Details in Databases List View
You can assign owners to the scanned keys to enhance key management, simplify tracking, and improve remediation workflows.
Perform the following steps to add the key(s) details:
Select the checkbox () next to the required key(s) in the list.
Click ADD DETAILS in the top-right corner of the table.
NOTE
If your on-premises connection was last scanned before the Fortanix Key Insight 25.03 release and a new scan was not performed, clicking ADD DETAILS will display a Rescan Required to Add Details dialog box. To ensure your key details are correctly added, rescan the on-premises connection and then add the key details. For more information on how to perform a rescan, refer to Section 5.0: Rescan an On-premises Connection.
In the Add Details dialog box, enter the following details:
Primary owner: Enter the primary owner’s name or employee ID.
Email ID: Enter the primary owner’s valid email address.
Click ADD SECONDARY OWNER to add the secondary owner details, if required.
Description (Optional): Enter an optional description.
Click ADD to add the ownership details to the selected key(s).
NOTE
To add ownership details, specifying a primary owner is mandatory before adding a secondary owner.
Only users with Account Administrator permissions can add or edit key details.
On the Keys page, the primary and secondary owners’ names or employee IDs and email addresses appear in the OWNERS column, and the description will appear in the USAGE DESCRIPTION column.
6.2 Edit Key Details in Databases List View
You can modify the details of the selected key(s).
Perform the following steps to edit the key(s) details:
Select the checkbox () next to the required key(s) in the list.
Click EDIT DETAILS in the top right corner.
In the Edit Details dialog box, update the required values.
Click UPDATE to apply the changes.
6.3 View Key Details in Databases List View
Perform the following steps to view key details:
Filter the keys by database infrastructure:
Use Infrastructure = Databases to display keys scanned from a database.
In the list, click any key ID to view its properties and associated violations.
The KEY DETAILS tab displays the key’s properties, ownership information (if provided), and automatic rotation policy details.
If required, click EDIT DETAILS on the Ownership section to update the ownership details for the selected key.
Figure 4: Access key details view
NOTE
The Key Correlation section is visible only if an external key source (Fortanix DSM SaaS or On-premises) has been configured for the Fortanix Key Insight on-premises connection. You can filter the correlated keys using the Key Source = Fortanix or Key Correlation = Correlated attributes.
For a selected correlated key in the list, this section displays details such as the key source, key source type, last correlated date, and source key ID. Click the Key ID to navigate to Fortanix DSM SaaS and view the key details.
Figure 5: Access keys correlated data
The VIOLATIONS tab displays the violations associated with the key.
Figure 6: View key violations
The RESOURCE MAPPING tab displays the mapping between the key and on-premises database resource(s), if any. Click Legends to understand the meaning of icons and warnings displayed in the resource mapping view.
Figure 7: Key and resources mapping
7.0 Resources
After the on-premises connection is onboarded, click Resources on the Fortanix Key Insight left navigation panel.
Clicking Resources will take you to the Resources page, where you can view a list of all on-premises resources, including Oracle and MSSQL under the DATABASES tab.
Figure 8: Access resources
For every resource category (Oracle and MSSQL), the table displays the hostname/IP address, resource name, violations, resource ID, and the encryption type.
Click the violations count or icon to view the associated violations.
Use the Search field to filter resources based on the available criteria and supported values:
Click a resource category in the resources list to view its properties and associated violations.
The RESOURCE DETAILS tab displays the resource configuration details.
Figure 9: Access databases resource details
The VIOLATIONS tab displays the violations associated with the database keys and resources.
Figure 10: Access database resource violations
8.0 Scanned Data Export
This feature allows you to export the scanned key and resource-related data from Fortanix Key Insight in Comma-Separated Values (CSV) format. Also, it provides flexibility, enabling you to download data for detailed analysis, audits, or reporting, and to access real-time status.
In the on-premises databases Keys and Resources list view, click EXPORT to export the scanned data using any of the available options:
Figure 11: Access data export feature
Export current page: Use this option to export all column data from the current page in CSV format.
NOTE
You can download a maximum of 100 items at a time, based on the settings specified in the Items per page drop down.
Export all raw data: Use this option to export all scanned data in CSV format. Review the details in the Export All Raw Data dialog box and click PROCEED to start the export.
After the export process begins, you can track its progress. The export status will be logged with a message under the Activities tab in Fortanix Key Insight. For more information, refer to Section 8.1: View Export Activities.
Export selected rows: This option is disabled by default. You can select the checkbox () next to the required rows on the current page and then use this option to export only those rows in CSV format.
NOTE
Only users with the Account Administrator and Group Administrator roles can perform the scanned data export.
Within the same account, you can have multiple exports running simultaneously from different cloud and on-premises connections.
8.1 View Export Activities
After you initiate the export process using Export All Raw Data, you can track the export status in the Activities tab located in the left navigation panel of Fortanix Key Insight.
You can view the following details for each export:
Name of the activity.
Name of the file. For example, On-Premises Keys.csv.
Activity status: This indicates the current state of the data export. This can be,
Completed: The data export has been completed, and the CSV file will automatically download to the location specified on your local machine.
In Progress: The data export is in progress, and you can cancel it using if required.
Cancelled: The data export was cancelled, either manually or due to switching accounts while the export was in progress.
Failed: The data export did not complete successfully due to errors.
Name of the connection
Export creation date and time
Figure 12: Access Database activities
NOTE
If you switch to a different account during export, the export will be cancelled and logged in the Activities tab.
If you navigate to a different solution (for example, Fortanix Identity and Access Management (IAM)), the export will continue, but no logs will appear in the Activities tab. The export status will be confirmed using a toast message.
If you refresh the web page during the export, the confirmation dialog box will appear. If you refresh, the export will be cancelled, and all entries in the Activities tab will be removed. To avoid this, do not refresh the page during the export.
Fortanix Key Insight identifies encryption keys and data services across on-premises and hybrid multicloud environments, providing a unified dashboard for tracking key mappings and cryptographic security. It offers security and compliance teams data-driven insights to assess risks, align with best practices, and meet industry regulations. It also supports continuous risk mitigation and crypto-agility, adapting to evolving security needs, including preparation for the post-quantum era.