KeyLocker user roles
Assign one or more roles to a DigiCert® KeyLocker user when you add or update the user.
CertCentral master administrators automatically become the KeyLocker lead. The KeyLocker lead role is usually assigned to an account lead who manages assets and users and is able to sign with the key stored in DigiCert® KeyLocker.
Category | Permission | User can | Notes |
---|---|---|---|
User settings | Default | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. | |
User settings | Manage user | | |
Account settings | Manage CertCentral API key | Delete, disable, enable, set up, update and validate a CertCentral API key. | |
Certificates | View certificate | View certificate details for all certificates assigned to them. | Users with |
Certificates | Revoke certificate | Revoke certificates associated with keypairs that they are assigned to. | Users with |
Keypairs | View keypair | View keypair details in the account. | |
Keypairs | Manage keypair | Update the keypair alias. | |
Signatures | Sign | Sign software with keypairs assigned to them. | |
In DigiCert ONE, the KeyLocker signer role is usually assigned to an engineer or an authenticated device that signs software.
Category | Permission | User can | Notes |
---|---|---|---|
User settings | Default | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. | |
Certificates | View certificate | View certificate details for all certificates assigned to them. | Users with |
Keypairs | View keypair | View keypair details in the account. | |
Signature | Sign | Sign software with keypairs assigned to them. | |