Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

ProtectServer 3 HSM and ProtectToolkit 7
ProtectServer 2 HSM and ProtectToolkit 5
ProtectServer 3 HSM Integration Guides

All

All

CyberArk Vault

Overview

ProtectServer 3 HSM Integration Guides
Apache Tomcat
- Overview
- Getting started
- Generating a new SSL certificate and key on a ProtectServer 3 HSM
CyberArk Vault
- Overview
- Getting started
- Generating a CyberArk Vault server key on a ProtectServer 3 HSM
- Migrating an existing CyberArk Vault server key to a ProtectServer 3 HSM
HashiCorp Vault
- Overview
- Getting started
- Configuring HashiCorp Vault
- Rotating HashiCorp Vault Keys
Microsoft Active Directory Certificate Services (ADCS)
- Overview
- Getting started
- Installing Microsoft ADCS on Windows Server using SafeNet KSP
- Enrolling the certification authority certificate
- Archiving the CA key
- Performing a key recovery
Microsoft Online Certificate Status Protocol (OCSP)
- Overview
- Getting started
- Setting up an enterprise root certificate authority
- Installing the Online Responder service
- Configuring CA to issue OCSP response signing certificates
- Creating a revocation configuration
- Verifying auto-enrollment
- Validating OCSP integration
- Troubleshooting
OpenSSL
- Overview
- Getting started
- Configuring OpenSSL and GemEngine for a ProtectServer 3 HSM
Oracle Database Transparent Data Encryption (TDE)
- Overview
- Getting started
- Granting the Oracle Database access to the PKCS#11 library
- Configuring a master encryption key for HSM-based encryption
- Verifying that the master encryption key is encrypting the database

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

Home
ProtectServer 3 HSM Integration Guides
CyberArk Vault
Overview

Overview

This integration guide describes how to store a CyberArk Vault top-level encryption key (server key), which is required to start a CyberArk Vault, on a ProtectServer 3 HSM.

At the core of CyberArk Privileged Access Security is the CyberArk Digital Vault that contains a highly secure database for storing privileged account credentials, access control policies, credential management policies, and audit information. To protect the Vault database and the data stored within the database, CyberArk has designed a multi-layered encryption hierarchy that uses FIPS 140-2 compliant encryption to protect each object in the Vault. Each individual file and safe within the Vault database is encrypted with its own unique encryption key and the Vault has a top-level encryption key, called the server key, which is required to start the Vault.

Using ProtectServer 3 HSMs to secure the server key provides the following benefits:

Secure generation, storage, and protection of the identity-signing private key on FIPS-validated hardware.
Full life-cycle management of the keys.
Significant performance improvements by off-loading cryptographic operations from application servers.

On this page

ProtectServer HSM and ProtectToolkit

© Copyright 2019-2024, Thales Group
Last Updated: 2024-11-05 11:15:59

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Document Conventions
- Support Contacts
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com