Isolated Vault
2 minute read
Introduction
With a variety of discovery modules in Docusnap365, it is necessary to use privileged user accounts for discovery in order to achieve the best possible result in terms of data quality and quantity. We are aware of the different requirements of our customers and prospects and therefore offer some options on how to handle credentials. Basically, three different variants are provided for the use or storage of credentials:
- Single use for one job
- Storage in isolated vault for multiple use
- Storage directly on Docusnap Enterprise Gateway
Single use for one job
With one-time use credentials, the required credentials are entered in the discovery wizard. After the discovery job is started, we transmit the credentials encrypted to the vault. The Docusnap Enterprise Gateway receives the new discovery job and requests the credentials for that single job from the vault. The credentials are then removed from the vault. The request is made using Perfect Forward Secrecy (PFS) over HTTPS.
Storage in isolated vault for multiple use
The most convenient way to work with Docusnap365 is to store and manage credentials securely in the vault.
After entering the credentials in the discovery wizard, they can be stored - labeled - in the vault. This essentially has the major advantage that even non-privileged users can work with Docusnap365 without needing to have knowledge of credentials. An additional added value is the reusability of credentials.
Storage directly on Docusnap Enterprise Gateway
The third way to handle credentials is to store them directly on the Docusnap Enterprise Gateway. This provides a way to ensure that credentials do not leave your network.
The credentials are entered directly on the Docusnap Enterprise Gateway and stored on it in encrypted form. The credentials are stored in the directory “%ProgramData%/Docusnap/Enterprise Gateway/Credentials”. We only store the freely definable name of the credentials in the vault so that they can then be conveniently selected in the various discovery wizards.
In the discovery wizard, the corresponding entry can be selected from the isolated vault. After the discovery job is started, the Docusnap Enterprise Gateway receives the job and recognizes from the signature that the local credentials are to be used.