Simplify PKI and Integrate Secret Management with AppViewX and HashiCorp

A critical part of an IT/DevOps team's job is 'secret management'. Confidential material such as private keys, access codes, and database credentials must be stored, circulated, managed, and used with the utmost caution to prevent loss or misuse.

Often, these secrets are stored in a miscellaneous, scattered fashion, which not only increases their exposure to theft, but also runs counter to the rapid, organised processes DevOps relies on. These methods also lack industry-standard encryption, which further compromises organisations' threat deterrence capabilities and compliance protocols.

The use of secure vault software to store and circulate secrets adds a layer of security to tasks like key storage for SSL termination and use, or key imports. The PKI management system also needs to be closely integrated with the secure vault, so as to facilitate simplified management, centralised control, and streamlined usage of secrets.

HashiCorp and AppViewX Joint Solution

AppViewX and HashiCorp Vault integrate seamlessly to enable secure correspondence between various applications. The disjointed manual processes of key generation and Certificate Signing Requests can be skipped by means of automation, accelerating the process of issuance and installation.

HashiCorp Vault provides secure storage, retrieval, and manipulation of PKI components, while AppViewX assumes the role of a registration authority, certificate management engine, and lifecycle automation tool via the API.

Certificate Enrolment with AppViewX as internal or external CA

AppViewX provides a plugin that can be configured and installed into a live HashiCorp Vault environment. Here, AppViewX acts as a Registration Authority through which the Vault routes certificate requests. Once the Vault requests a certificate, AppViewX automatically gets the certificate signed by the CA and pushes it back to the Vault for further usage.

Once the setup process is complete, users can request and enrol certificates from right within the Vault's PKI engine, with the certificates and private keys being stored inside it to enhance security and minimise latency.

[Figure: Certificate Auto Enrolment with Dynamic Secrets Creation]

Single-pane-of-glass Issuance and Secure Key Storage

HashiCorp Vault's PKI engine is capable of securing, encrypting, storing, and controlling access to certificates, keys, and CSRs. The AppViewX-Vault integration makes it possible for users to obtain certificates from an enterprise/public CA without having to manually generate private keys and CSRs, submit them to a CA, and get them verified and signed before they can be deployed. AppViewX's single-pane-of-glass functionality makes this possible without the user having to switch between interfaces. HashiCorp Vault features built-in authentication and authorisation functionality, enabling verification to be completed internally, thus accelerating and securing the transaction end-to-end.

Book a demo to learn about secret management and how HashiCorp and AppViewX help simplify PKI.


Amit Gupta
AppViewX — Certificate Lifecycle and ADC Management

Helping Enterprises Simplify their PKI leveraging Certificate Management and Automation Solutions