
Securosys Secrets Engine Plugin

Most enterprises today have credentials sprawled across their organizations. Passwords, API keys, and credentials are stored in plain text, app source code, config files, and other locations. Maintaining them can be very difficult. Additionally, most of them are stored in plain text, which increases the potential for malicious attacks.

Vault takes all of these credentials and centralizes them so that they are defined in one location, which reduces unwanted exposure to credentials. But Vault takes it a few steps further by making sure users, apps, and systems are authenticated and explicitly authorized to access resources, while also providing an audit trail that captures and preserves a history of clients' actions.

The Securosys Secrets Engine is a plugin for HashiCorp Vault and works with both the Community and Enterprise versions. The plugin uses the TSB and Primus HSMs to generate, store, and apply keys and to perform cryptographic operations with them. Vault doesn't store the data sent to the secrets engine, so it can also be viewed as encryption as a service.

The plugin provides the following features:

  • sign and verify data
  • encrypt and decrypt data
  • wrap and unwrap keys
  • supports SKA workflow
  • supports key rotation
  • supports integration for MariaDB database encryption

Figure 1: Securosys Secrets Engine workflow with HashiCorp Vault integration