
Vault

What is Vault

Vault in the admin portal refers to the system vault that stores usernames and passwords, private keys, API keys, and certificates set by the Safous administrator on the Settings > ZTNA > Vault page of the admin portal. End users, when accessing a resource, do not need to know the credentials to sign in to the resource. If the option Assign secret from vault is set as the authentication method for an application, end users are not prompted for credentials; instead, the stored secret is used to automatically sign in the user. Administrators can create, update, or delete information in the vault via the admin portal. While the secret name is visible, confidential information such as passwords, private keys, and API key secrets cannot be viewed on the admin portal for existing secrets.

Types of Secrets

The vault supports various types of secrets. Each type has fields according to the nature of the information stored.

  • Passwords: Usernames and passwords of resources can be added on the admin portal, each identified by a name, called Secret name on the portal. While the username is visible on the portal, the password is not.

  • Private Keys: Private keys are part of a key pair used for identity verification when connecting to a server, for example over SSH. Private keys are added with a name, username, and the private key. The private key is not visible on the portal.

  • API Keys: API keys serve to identify and authenticate applications or users. Each is stored as a combination of name, keyID, and key secret. They are stored exclusively in the system vault. The key secret is not visible on the portal.

  • Certificates: Certificates, when used to sign in to servers, are primarily used for client authentication when the server requires mutual authentication of both the client and the server (mTLS). On the Secrets page, the public key and private key are stored separately in PEM format. While the public key is visible, the private key is not visible on the admin portal.

  • Generic Secrets: These are strings of characters used for simple authentication. The secret consists of two strings: a name and a value. The value is not visible on the admin portal.
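Because the Certificates entry keeps its public part visible and its private part hidden, pasting the two PEM blocks into the wrong fields would expose the private key. The check below is an added example, not Safous code: it inspects PEM labels before the two values are entered. The function names and the accepted label sets are assumptions, since the page only says the fields hold PEM data.

```python
import base64
import re

# PEM textual encoding: BEGIN/END lines with a matching label around base64 data.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

# Assumed label sets (common OpenSSL/OpenSSH labels); the page only says "PEM format".
PRIVATE_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
                  "ENCRYPTED PRIVATE KEY", "OPENSSH PRIVATE KEY"}
PUBLIC_LABELS = {"CERTIFICATE", "PUBLIC KEY"}


def pem_blocks(text):
    """Return [(label, decoded_bytes)] for each PEM block; raise on bad base64."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # Skip "Proc-Type:"/"DEK-Info:" headers of legacy encrypted keys.
        lines = [ln.strip() for ln in body.splitlines() if ln.strip() and ":" not in ln]
        try:
            blocks.append((label, base64.b64decode("".join(lines), validate=True)))
        except ValueError as exc:
            raise ValueError(f"{label}: body is not valid base64") from exc
    return blocks


def check_certificate_secret(public_field, private_field):
    """Return a list of problems; an empty list means both fields look right."""
    problems = []
    pub, priv = pem_blocks(public_field), pem_blocks(private_field)
    if not pub:
        problems.append("public field: no PEM block found")
    for label, _ in pub:
        if label in PRIVATE_LABELS:
            problems.append(f"public field: {label} would be visible on the portal")
        elif label not in PUBLIC_LABELS:
            problems.append(f"public field: unexpected block {label}")
    if len(priv) != 1:
        problems.append(f"private field: expected 1 PEM block, found {len(priv)}")
    for label, _ in priv:
        if label not in PRIVATE_LABELS:
            problems.append(f"private field: {label} is not a private key")
    return problems


def sample_pem(label):
    """Constructed placeholder block (not real key material) for trying the check."""
    body = base64.b64encode(b"\x30\x82" + bytes(40)).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
```

The check only reads labels and base64 framing; it does not confirm that the certificate and the private key belong to the same key pair.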