SSH Secrets

You can add SSH private keys as secrets to your KeyControl PASM Vault. This allows users to access a server using SSH (also known as Secure Shell) using the secret.

Along with the SSH private key, you define the user and server details. You also define the access policy for the user for the relevant KeyControl PASM Vault.

During configuration of the SSH private key secret, you specify the host (IP), user (on the VM), and you upload the SSH private key (the same private key used to access the VM directly).

The user logs on to their KeyControl PASM Vault to confirm the details and can access the server using the SSH key secret.

For additional security and to protect important assets, you can restrict access, so it is only possible for the user to access the server using their SSH secret. For example:

Once configured, users/admins access their VMs using key vault. Users log on to their remote VM through their vault, using the vault IP, the vault user name and the port specified in the SSH secret. The port is specific to the VM.

Users with access to many VMs over SSH can log on to all their VMs using their vault IP and vault user name – and simply change the port to specify the VM.

• For details on creating and configuring SSH secrets, see Creating an SSH Secret.

• For details on how users log on to remote servers using their SSH secret, see Logging on to remote server using SSH Secret.