Skip to main content

Secure Software Manager

Enhancements

Account Settings

  • We created a page to allow SSM administrators to enable/disable product functionality at their account level.

  • This permits administrators to limit keypair creation based on algorithms and key strength/curve as well as being able to enable/disable functionality like keypair profiles, access policies, key storage options and user access controls.

Access Policy Management

  • We are now providing SSM accounts with the option to have access policies controls in place with respect to users and/or user groups to determine what keypair profiles and certificate profiles they are permitted to use.

  • These controls will give the opportunity for security policies to enforce what keypairs and certificate types are created and utilized on the customer’s account.

Private Key Export

  • Private Key Export is now supported as part of a multi-person approval flow.

  • Users with the "request export" permission can make a request for a disk-based keypair to be exported

    • This will require the approval from a different person with the "key export approval" permission.

    • All admins with the export approval workflow will receive an email advising of the request to export and will have 72 hours to approve.

  • Once approved, the requesting user will be notified by email and will be able to download the keypair in *.pem format, which is encrypted by a password provided to the requester.

Deletion of Keypairs and Certificates

  • User will be permitted to delete keypairs and certificates using a soft delete approach.

    • The removal from the service will not impact signatures completed by those keys and certificates in the past.

    • Records of the signatures by deleted keys and certificates will be retained in the audit trail and from there keypair and certificate details can be viewed.

    • Deleted keypairs and certificates will not show up in the keypair list or the certificate list

    • Deletion is permanent - it cannot be restored once deleted.

Upgrades/Updates

  • Addition of IP Address to audit and signature logs to assist with customer troubleshooting.

  • Refactoring of the server-side code bringing about performance improvements.

Fixes

  • Signature Logs now present in order as per most recent signature.

Nesta secção: