Credential managers overview¶
Rotating credentials that provide machines privileged access is a critical piece of maintaining robust security in your datacenter. The Certificate Manager - SaaS integration with credential managers allows Certificate Manager - SaaS to access credentials stored by credential managers when performing functions like provisioning certificates to machines.
This allows you to take advantage of Certificate Manager - SaaS's certificate monitoring and provisioning services while continuing to manage your credentials separately.
VSatellites¶
The connection between Certificate Manager - SaaS and your credential service is established through a Venafi VSatellite. VSatellite is a small piece of software installed on a Linux server in your data center that can access both Certificate Manager - SaaS and your credential service, thereby becoming the bridge between the two services.
Important
We recommend setting up multiple VSatellites for redundancy purposes. Multiple VSatellites can be applied to a credential connector in Certificate Manager - SaaS, so if one becomes unreachable, others are available.
This diagram illustrates the relationship between the components that allow Certificate Manager - SaaS to use credential managers.
graph TD
A[Certificate Manager - SaaS]
subgraph Datacenter[" "]
direction TB
B[VSatellites]
subgraph row[" "]
direction LR
IL(( ))
D[Application Server]
C[Credential Provider]
E[Application Server]
IR(( ))
end
end
A --> B
B <-->|"Certificate Manager - SaaS<br>Machine connector"| D
B <-->|"Certificate Manager - SaaS<br>Credential connector"| C
B <-->|"Certificate Manager - SaaS<br>Machine connector"| E
C <--> D
C <--> E
style row fill:none,stroke:none,stroke-width:0
style IL fill:none,stroke:none,stroke-width:0
style IR fill:none,stroke:none,stroke-width:0
Next steps¶
Get started connecting to a credential manager.