Skip to content

Credential managers overview

Rotating credentials that provide machines privileged access is a critical piece of maintaining robust security in your datacenter. The Certificate Manager - SaaS integration with credential managers allows Certificate Manager - SaaS to access credentials stored by credential managers when performing functions like provisioning certificates to machines.

This allows you to take advantage of Certificate Manager - SaaS's certificate monitoring and provisioning services while continuing to manage your credentials separately.

VSatellites

The connection between Certificate Manager - SaaS and your credential service is established through a Venafi VSatellite. VSatellite is a small piece of software installed on a Linux server in your data center that can access both Certificate Manager - SaaS and your credential service, thereby becoming the bridge between the two services.

Important

We recommend setting up multiple VSatellites for redundancy purposes. Multiple VSatellites can be applied to a credential connector in Certificate Manager - SaaS, so if one becomes unreachable, others are available.

This diagram illustrates the relationship between the components that allow Certificate Manager - SaaS to use credential managers.

graph TD
    A[Certificate Manager - SaaS]
    subgraph Datacenter[" "]
        direction TB
        B[VSatellites]
        subgraph row[" "]
            direction LR
            IL(( ))
            D[Application Server]
            C[Credential Provider]
            E[Application Server]
            IR(( ))
        end
    end
    A --> B
    B <-->|"Certificate Manager - SaaS<br>Machine connector"| D
    B <-->|"Certificate Manager - SaaS<br>Credential connector"| C
    B <-->|"Certificate Manager - SaaS<br>Machine connector"| E
    C <--> D
    C <--> E
    style row fill:none,stroke:none,stroke-width:0
    style IL fill:none,stroke:none,stroke-width:0
    style IR fill:none,stroke:none,stroke-width:0

Next steps

Get started connecting to a credential manager.