Skip to main content

KeyLocker lead

CertCentral master administrators automatically become the KeyLocker lead. The KeyLocker lead role is usually assigned to an account lead who manages assets, users, and is able to sign with the key stored in DigiCert® KeyLocker.

Permissions

The DigiCert® KeyLocker lead role has the following permissions assigned:

Category	Permission	Description
User settings	Default	User can view their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.
User settings	Manage user	User can: View details for all users, accounts, and organizations. Modify, add, or remove users. Generate the API key and client authentication certificate for service users because they do not have access to DigiCert® KeyLocker.
Account settings	Manage CertCentral API key	User can delete, disable, enable, setup, update and validate a CertCentral API key.
Certificates	View certificate	User can view certificate details in the account.
Certificates	Revoke certificate	User can revoke certificates in the account.
Keypairs	View keypair	User can view keypair details in the account.
Keypairs	Manage keypair	User can update the keypair alias.
Signatures	Sign	User can sign.

In this section: