Entrust Cryptographic Security Platform Vault

At the heart of every Entrust Cryptographic Security Platform Vault deployment is an active-active cluster of Cryptographic Security Platform Vault nodes that manage encryption keys for virtual Linux and Windows machines.

Cryptographic Security Platform Vault features include:

• An active-active cluster for high availability. Any changes made to any Cryptographic Security Platform Vault node in the cluster are automatically reflected on all nodes in the cluster.

• Clustered object store protecting keys, policies and configuration data. All objects are encrypted and ultimately wrapped with an Admin Key.

  The Admin Key uses a software-based "n of m" backup. This prevents Cryptographic Security Platform Vault backups from being stolen and installed on new hardware.

• Nodes can join or leave the cluster without affecting Cryptographic Security Platform Vault's ability to deliver encryption keys.
• A Cryptographic Security Platform Vault cluster moves into degraded mode (read only) on network disconnect or failure. While in degraded mode, any Cryptographic Security Platform Vault node can still serve requests for existing keys and policies from VMs where the Policy Agent is installed. However, new encryption keys cannot be created.
• Each Policy Agent communicates with any Cryptographic Security Platform Vault node, switching between them if they detect a non-responsive Cryptographic Security Platform Vault node.
• All system components of the Cryptographic Security Platform Vault are encrypted.
• Support for admin authentication via local accounts with strict password controls or via accounts stored in LDAP (including Microsoft AD).
• Support for Alerts in environments with and without email access.
• Full-featured command line utilities (hicli and hcl).
• A rich RESTful API.