Akeyless is a platform that stores and protects your secrets and certificates in one centralized, easy-to-access location, making them available continuously without disrupting your workflow. Use Akeyless for these credential types:
- API Keys
- SSH Keys
- TLS/SSH Certificates
- Encryption Keys
- Signing Keys
Find more details about these types below in Supported secrets and credentials.
Akeyless is deployed with multi-cloud and multi-region methodologies, and so provides you with high availability and low latency. To facilitate seamless integration into your environment, Akeyless supports a number of plugins.
Additionally, Akeyless offers a unique API gateway, which adds an extra level of protection between your private network and the cloud, for customers working with zero-trust architectures. With this gateway, Akeyless offers:
- Live fallback for network connectivity issues
- Service continuity via secrets snapshots
- Local cache in-memory for continuous service
The following diagram presents the high-level architecture of the Akeyless Vault service.
- If implementing zero-trust, the admin installs the Akeyless API Gateway.
- The admin creates granular roles that define access policies to Akeyless.
- The admin invites the team to use Akeyless as part of their natural workflows. Each member receives access to Akeyless based on the roles the admin has configured for them.
- Each member calls Akeyless through the method that integrates best with their workflows, leveraging our CLI, SDKs, plugins and our intuitive UI.
- The admin creates and stores secrets in Akeyless. The admin can also use our automatic migration services to move your secrets from other storage solutions.
- The secret is encrypted locally. Akeyless generates new keys as fragments using its patented Distributed Fragmented Cryptography (DFC) technology. DFC performs cryptographic operations on static key fragments without combining those fragments at any time; each fragment is stored separately by a different cloud provider. With DFC, Akeyless encrypts (or digitally signs) for the customer application without ever assembling the master key: the key fragments remain static on the Akeyless node servers, while the actual encryption is performed from your (the customer's) side. This gives maximum protection of all of your secrets with these guardrails in place:
  - Keys are stored in fragments.
  - Encryption key fragments are never combined.
  - Akeyless has zero visibility of your secrets and keys; only you can access them.
- For zero-trust, Akeyless has no way of accessing this secret from the outset, because:
  - one of the key fragments, the customer fragment, is stored within the customer perimeter;
  - the gateway manages all local resources, such as producers and LDAP servers, and provides additional capabilities that ensure service continuity and backups in case of power outages and other disruptions.
- Once authenticated and authorized (by role), Akeyless enables use of the secrets.
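To make the DFC guardrails above concrete, here is an added, self-contained Python illustration of the general idea of encrypting with key fragments that are never combined. It is not Akeyless's patented DFC algorithm and not code from Akeyless; the `FragmentHolder` class, the HMAC-based keystream derivation and the holder names are constructed for this example. Each holder derives a partial keystream from its own fragment, and the customer XORs the partial streams into the data, so the complete key material never exists in one place and a party missing the customer fragment cannot recover the plaintext.

```python
"""Illustrative fragmented-key encryption: no single party ever holds the whole key.

This is a teaching example written for this page, not Akeyless's DFC implementation.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Sequence, Tuple


def fragment_keystream(fragment: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a keystream from ONE fragment: HMAC-SHA256 over (nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(fragment, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(*parts: bytes) -> bytes:
    """XOR any number of equal-length byte strings together."""
    result = bytearray(parts[0])
    for part in parts[1:]:
        if len(part) != len(result):
            raise ValueError("keystream length mismatch")
        for i, b in enumerate(part):
            result[i] ^= b
    return bytes(result)


class FragmentHolder:
    """One fragment holder (a hypothetical cloud node or the customer perimeter)."""

    def __init__(self, name: str, fragment: Optional[bytes] = None) -> None:
        self.name = name
        # Constructed 32-byte fragment; it never leaves this object.
        self._fragment = fragment if fragment is not None else secrets.token_bytes(32)

    def partial_keystream(self, nonce: bytes, length: int) -> bytes:
        """Return a partial keystream; the fragment itself is never exported."""
        return fragment_keystream(self._fragment, nonce, length)


def encrypt(holders: Sequence[FragmentHolder], plaintext: bytes) -> Tuple[bytes, bytes]:
    """Fresh random nonce per message; every holder contributes a partial keystream."""
    nonce = secrets.token_bytes(16)
    streams = [h.partial_keystream(nonce, len(plaintext)) for h in holders]
    return nonce, xor_bytes(plaintext, *streams)


def decrypt(holders: Sequence[FragmentHolder], nonce: bytes, ciphertext: bytes) -> bytes:
    """Decryption needs the same set of holders; a missing fragment leaves garbage."""
    streams = [h.partial_keystream(nonce, len(ciphertext)) for h in holders]
    return xor_bytes(ciphertext, *streams)


def demo() -> bool:
    """Round-trip with three holders; show that dropping the customer fragment fails."""
    holders = [
        FragmentHolder("cloud-node-a"),
        FragmentHolder("cloud-node-b"),
        FragmentHolder("customer-perimeter"),
    ]
    secret = b"db-password: constructed sample value"  # constructed sample secret
    nonce, ciphertext = encrypt(holders, secret)
    recovered = decrypt(holders, nonce, ciphertext)
    without_customer = decrypt(holders[:2], nonce, ciphertext)
    return recovered == secret and without_customer != secret


if __name__ == "__main__":
    print("fragmented round-trip ok:", demo())
```

Two design points worth noticing: the nonce must never repeat for the same fragments (the construction is a stream cipher, so nonce reuse leaks the XOR of two plaintexts), and the example provides confidentiality only, with no integrity tag, so a production design would add authentication on top. What it does show is the property the page attributes to DFC: the holders exchange only derived partial keystreams, never the fragments themselves, and no reconstruction of a master key happens at any point.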
Akeyless supports storing and managing access to all of the apps and tools you use in your daily flow in a secure vault, allowing access only to you.
The following list describes these different types in detail.
- A key and value used for access.
- Dynamic Secrets: With dynamic secrets, you can create ad-hoc temporary credentials in real time for a certain resource. Once used, the credentials are no longer valid and cannot be reused.
- Encryption Keys: Encryption keys are either AES or RSA keys of various sizes. Use these keys to encrypt secrets or any other kind of data, and also to sign binaries or application transactions.
- SSH Cert Issuer: The Akeyless SSH Certificate Authority. Once you've stored a single private key, you can create temporary SSH keys per session for third-party authentication.
- PKI Cert Issuer: The Akeyless PKI Certificate Authority. The PKI Cert Issuer generates an ephemeral certificate signed by an RSA key that is added to the root or intermediate certificate chain of trust.