Managing system encryption keys

CyberArk Trust Protection Foundation™ maintains all system information—that is, configuration settings, managed server and certificate information, credentials, archived certificates and private keys—in a database. To secure this information, Trust Protection Foundation uses either a software encryption key or a hardware encryption key on a supported HSM device to encrypt the information used to connect to the database.

To secure the encryption assets within the database, Trust Protection Foundation also encrypts sensitive information such as certificate private keys, Credential objects, and SSH keys. Trust Protection Foundation uses the encryption key to secure encryption assets within the database.