The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.


How Akeyless Works

Akeyless implements a patented technology called Distributed Fragmented CryptographyDistributed Fragmented Cryptography - Distributed Fragmented Cryptography (DFS) is an Akeyless patented technology that performs crypto operations on the static key fragments, without combining those fragments at any time. Each of these fragments is stored separately by different cloud providers. With DFS, Akeyless encrypts (or digitally signs) the customer application without ever combining the master key throughout the process. This means that the key fragments remain static on the Akeyless node servers, while the actual encryption is performed from your (the customer) side. This enables maximum protection of all of your secrets with these guardrails in place: - Keys are stored in fragments. - Encryption key fragments are never combined. - Akeyless has zero visibility of your secrets and keys - only you can access them. (DFS) that stores and protects your secrets and certificates in one centralized easy-to-access location, making them available continuously without disrupting your workflow.

In order to facilitate seamless integration into your environment, Akeyless supports a number of plugins.

Use Akeyless for these credential types:

  • Passwords
  • API Keys
  • SSH Keys
  • TLS/SSH Certificates
  • Encryption Keys
  • Signing Keys

Akeyless is deployed with multi-cloud and multi-region methodologies, and so provides you with high availability and latency.

Additionally, Akeyless offers a unique API gateway, which adds an extra level of protection between your private network and the cloud, for customers working with zero-trust architectures. With this gateway, Akeyless offers:

  • Live fallback for network connectivity issues
  • Service continuity via secrets snapshots
  • Local cache in-memory for continuous service

So how does it work?

The following diagram presents the high-level architecture of the Akeyless Vault service.

  1. If implementing zero-trust, the admin installs the Akeyless API Gateway.
  2. The admin creates granular roles that define access policies to Akeyless.
  3. The admin invites the team to use Akeyless as part of their natural workflows. Each member receives access to Akeyless based on the roles the admin has configured for them.
  4. Each member calls Akeyless through the method that integrates best with their workflows, leveraging our CLI, SDKs, plugins and our intuitive UI.
  5. The admin creates and stores secrets in Akeyless. The admin can also use our automatic migration services to move your secrets from other storage solutions.
  6. The secret is encrypted locally. Akeyless generates new keys using fragments by leveraging the DFC technology.
  7. For zero-trust, Akeyless has no way of accessing this secret from the get-go and:
  • one of the key fragments, the customer fragment, is stored within the customer perimeter;
  • from the gateway, all local resources are managed such as producers, LDAP server, and the like; and additional capabilities are leveraged to ensure service continuity and backups in case of power shortages, and other use cases.
  1. Once authenticated and authorized (by role), Akeyless enables use of the secrets.

Updated 2 days ago

What's Next

We support secrets and credentials as outlined here:

Supported Secret and Credential Types

How Akeyless Works

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.