Advanced Key Protect
Advanced Key Protect is an optional add-on feature for CyberArk Trust Protection Foundation that allows you to use an HSM for central private key generation, remote key generation, and code signing certificate private key storage.
Before enabling Advanced Key Protect, contact your CyberArk sales representative to understand how this feature will affect your billing.
Advanced Key Protect is enabled in the CyberArk Configuration Console. For more information, see Enabling Advanced Key Protect.
Central private key generation
With central private key generation, Trust Protection Foundation generates and stores the private key that is used for the CSR (certificate signing request).
For more information on central private key generation, see Hardware central key generation with Advanced Key Protect.
Remote private key generation
Remote private key generation means that you use a supported driver to connect to an HSM where the private key is stored. In this case, Trust Protection Foundation never sees the private key. Remote private key generation using an HSM is supported with the following drivers:
- Apache
- CAPI
- JKS
For more information about remote private key generation, see Hardware remote key generation with Advanced Key Protect.
For more details on the differences between remote private key generation and central private key generation, see Supported methods of key generation.