To access resources, change the configuration of cloud infrastructure or perform any operation on a server (container, virtual, or on-prem), both humans and machines need SSH access. The common practice today is to place SSH keys on local disks, in configuration files and in DevOps scripts.
In today’s complex cloud architecture and DevOps practices, when machines are ephemeral by definition and require temporary scripts, the need to continuously issue and manage public keys is a never-ending hassle. After the initial issue of an SSH key, there’s a need to continuously keep it valid and updated. On top of that, configuration management tools and ‘master access servers’ are always a prime target for malicious attacks.
Additionally, since teams share SSH keys, when a team member leaves, all public keys must be located and access revoked. This is extremely cumbersome, since the keys' precise locations are usually not well documented.
AKEYLESS connects your identity provider to the SSH protocol, so that access to servers is granted through the existing access groups in your environment via single sign-on. Instead of issuing an SSH key pair (public and private), AKEYLESS provides ephemeral certificates that allow access via the SSH protocol, thus eliminating the need for SSH keys.
Eliminates the use of SSH keys for all machines, providing ephemeral certificates to allow server access via SSH protocol.
Monitors user commands across all machines, creating real-time audit logs that allow individual accountability and forensics and are stored on the AKEYLESS platform.
Choose your preferred identity providers (IDP), such as Okta, AWS-IAM, Azure-Identity, Kubernetes and others.
Use our RBAC (Role-Based Access Control) to set policy for who can access which secret.
Know who accesses what machine, and what commands are executed, through your analytics dashboard.