At heart, Akeyless is all about authenticating identities and authorizing them to access secrets.
The platform serves two main types of identities: human identities and machine identities. When we say machine, we are of course referring collectively to script, service, microservice, container, VM, and so on; anything that is not run manually using a human identity.
Each identity is represented by an Authentication Method object, and each Authentication Method is associated with an Access Role that grants a set of permissions (including create, read, list, update, and deny) on specific secrets. Depending on the permissions granted, the identity receives either the secret value itself or access to the resource for which the secret is defined.
Let's see how this process works for a machine identity:

1. A container that requires credentials to connect to a SQL server uses its AWS Role to authenticate to Akeyless.
2. Akeyless checks, in the permissions of the associated Access Role, that the container may access the secret.
3. Akeyless provides the secret to the container, which uses the credentials to interact directly with the SQL database.
The process is identical for human identities.
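As an added illustration (this is not Akeyless code), here is a simplified Python model of the three-step flow above: an Authentication Method bound to an AWS role, an Access Role with per-path permissions, and release of the secret value only when the role allows it. The secret paths, the ARN, the access ID and the deny-wins evaluation rule are assumptions made for the example, not a description of the real policy engine.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch
import secrets as _secrets


@dataclass
class AccessRole:
    name: str
    rules: dict = field(default_factory=dict)   # secret path pattern -> set of permissions

    def authorize(self, path, permission):
        """Assumed rule: 'deny' on any matching pattern wins; otherwise at least one
        matching pattern must grant the requested permission."""
        matching = [perms for pattern, perms in self.rules.items() if fnmatch(path, pattern)]
        if any("deny" in perms for perms in matching):
            return False
        return any(permission in perms for perms in matching)


@dataclass
class AuthMethod:
    access_id: str
    bound_aws_arn: str      # the AWS IAM role the machine identity must present
    role: AccessRole        # the Access Role associated with this Authentication Method


class VaultModel:
    def __init__(self):
        self.secrets, self.auth_methods, self.sessions = {}, {}, {}

    def authenticate(self, access_id, presented_aws_arn):
        """Step 1: the container proves its AWS role; a session token is issued.
        (Real AWS IAM verification is out of scope; the ARN is treated as already verified.)"""
        method = self.auth_methods.get(access_id)
        if method is None or method.bound_aws_arn != presented_aws_arn:
            return None
        token = _secrets.token_hex(16)
        self.sessions[token] = method.role
        return token

    def get_secret_value(self, token, path):
        """Steps 2 and 3: check the Access Role, then release the value or refuse."""
        role = self.sessions.get(token)
        if role is None or not role.authorize(path, "read"):
            return None
        return self.secrets.get(path)


def build_demo():
    """Constructed sample data: an orders service may read its own DB secret but not billing's."""
    v = VaultModel()
    v.secrets["/db/orders/password"] = "constructed-sample-password"
    v.secrets["/db/billing/password"] = "another-constructed-password"
    role = AccessRole("orders-service", {"/db/orders/*": {"read", "list"}, "/db/billing/*": {"deny"}})
    v.auth_methods["p-orders"] = AuthMethod("p-orders", "arn:aws:iam::123456789012:role/orders-task", role)
    return v
```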