
Components in SecretZero Solutions

Overview

The SecretZero PAM solution consists of integrated components that work together to provide secure, passwordless access to critical systems. Each component has a distinct role in the overall solution. The components are described below.


Components


1. Secure Database

The Secure Database (presented as datastore) is the central repository for all data, built inside the SecretZero appliance. Key features include:

- Data Security: All data is stored securely within the appliance and is fully sealed.
- Restricted Access: The database is completely inaccessible to human users, ensuring no unauthorized access.

This ensures the highest level of data integrity and security.


2. LDAP

The integrated LDAP component plays a critical role in enabling Unix PAM sudo solutions:

- Unix PAM Integration: Allows seamless switching to technical accounts on Unix-based systems.
- Centralized Directory: Acts as the central authentication and authorization store for Unix systems.

LDAP simplifies and unifies Unix authentication while maintaining robust security. All Unix systems have to trust this LDAP for sudo authorizations.


3. SecretZero Certificate Authority (CA)

The SecretZero CA is a built-in Certificate Authority within the appliance:

- Ephemeral Certificate Management: Generates and signs short-lived, ephemeral certificates for secure authentication.
- Seamless Integration: Enables passwordless authentication by providing JIT (Just-In-Time) credentials for secure access.

This component ensures secure, dynamic credential management without reliance on static passwords.


4. S0 Agent

The S0 Agent is a lightweight client-side application for secure session establishment:

- Secure Sessions: Helps users securely establish and terminate sessions to remote servers.
- User-Friendly: Runs on the user's desktop, providing a seamless and secure connection experience.

The S0 Agent simplifies secure access to remote systems while maintaining robust security protocols.


5. Connector Server

The Connector Server acts as a broker server for managing connections to target systems:

- Windows-Based: Deployed as a Windows server to facilitate secure communication.
- Connection Brokering: Acts as an intermediary between the SecretZero appliance and the target systems.
- Secure and Scalable: Ensures all connections are routed securely through the appliance.

This component ensures centralized, secure communication for managing target systems effectively.


Summary

The SecretZero PAM solution uses a combination of these components to provide a secure, efficient, and seamless passwordless experience. From secure data storage to dynamic credential management and connection brokering, each component contributes to the solution's robust architecture.