Privacy Settings
Key Manager Plus provides a set of privacy options which administrators can customize according to their requirements in order to meet the privacy standards laid down by the General Data Protection Regulation (GDPR).
- Provision to Purge Audit Trails
- Password Protection for Exports
- Provision to Control the Exposure of Personal Data in Reports
- Provision to Manage Non-User Email Addresses
- Provision to Delete Domains from the Allowlist
1. Provision to Purge Audit Trails
Administrators can choose to purge old audit trails operation-wise, those which are no longer required in relation to the purposes for which they were originally recorded. To purge audit records,
- Navigate to Settings >> Privacy Settings >> Purge Audit Trails
- For those operations where audits need to be purged, specify the time interval in days beyond which you want to have the audit records erased.
- Click Save. The Audit settings are successfully updated.
2. Password Protection for Exports
Administrators can now enable password protection, adding an extra layer of security for all files exported from Key Manager Plus. The platform offers two levels of password protection for exports:
i. Global password - A uniform password applicable for all users when exporting files from Key Manager Plus.
ii. User password -In addition to the global password, administrators can also allow users to set their own custom passwords while exporting files.
To enable password protection for exports,
- Navigate to Settings >> Privacy Settings >> Export Settings.
- Tick the Enable password protection for exports checkbox.
- Enter a password in the 'Global Password' field. The provided global password is common for all the users, and users should enter this password to decrypt the exported file.
- To allow users to set their own custom passwords for exports, tick the Allow users to create custom passwords for exports checkbox.
- Users can enable or disable custom passwords for exports by ticking the 'Set my own custom password for exports' checkbox from Settings >> Privacy Settings >> Export Settings.
- If users choose to export files with their custom password, they can enter a password of their choice in the Custom Password field.
- Click Save to update the export settings.
Notes:
- After setting up a global password, all files will be exported in password-protected zip folders encrypted using the Advanced Encryption Standard (AES) algorithm. To access the files, you should use a third-party tool that supports AES encryption and decryption, like 7-ZIP or WinRAR. You will need the global password to decrypt the exported file.
- Only the global password should be used to access report exports in e-mail notifications for scheduled report generation even if you have enabled the user password option.
3. Provision to Control the Exposure of Personal Data in Reports
Key Manager Plus includes provisions to control the extent to which personal data is exposed in canned reports. Administrators can choose to 'mask' or 'hide' certain Personally Identifiable Information (PII), and thereby can replace those specific personal data with random fictious characters or entirely hide them in reports exported from Key Manager Plus or in scheduled reports that carry those personal data.
Key Manager Plus provides options to mask / hide the following private data.
- User name
- SSH user name
- SAN
- Resource name
- Landing server name
- Key name
- Issuer
- IP address
- Instance name
- Host name
- Domain name
- Domain controller
- DNS name
- Description
- Data center
- Common name
- Certificate template
- Certificate authority
- AD user name
To mask / hide PII in reports,
- Navigate to Settings >> Privacy Settings >> Export Data Settings
- Select those personal data that you wish to mask / hide in reports exported from Key Manager Plus or in scheduled report generation using the combinations provided.
- After providing your inputs, click Submit.
- You will note that data privacy is applied to report exports and scheduled reports as per your requirements.
4. Provision to Manage Non-user Email Addresses
Key Manager Plus allows administrators to configure email notifications about the completion of scheduled tasks, license expiration and other important operations to users who do not have an individual account with Key Manager Plus. A complete list of all such external IDs are duly maintained in Key Manager Plus to assist authorized administrators to keep a track on non-user email addresses being used in Key Manager Plus and also delete them if needed.
To manage non-user email addresses,
- Navigate to Settings >> Privacy Settings >> Unmapped E-mail IDs
- You can find a list of email addresses that are not mapped with any of your Key Manager Plus users.
- Administrators also have the privilege to delete those non-user email addresses that have become irrelevant. Select those email ids that need to be deleted and click Delete.
- The email ids are deleted from Key Manager Plus database.
5. Provision to Delete Domains from the Allowlist
Domains and IP addresses stored through Key Manager Plus integrations will be automatically added to the Domain - Allowlist, ensuring that only trusted domains could be connected to Key Manager Plus. By default, commonly used Certificate Authority (CA) domains are pre-populated in the default allowlist, while any additional domains or IP addresses specified by the administrator will also appear in the Domains - Allowlist for easy management. To delete a domain from the allowlist, perform the following actions:
- Navigate to Settings >> Privacy Settings >> Domains - Allowlist.
- Select the domain you want to remove from the allowlist and click the Delete button at the top pane.
- In the pop-up confirmation window that appears, click OK to delete the domain from the allowlist.
Notes:
- Exercise caution when deleting a domain from the allowlist as Key Manager Plus will no longer be able to connect to the domains removed from the allowlist.
- Administrators are restricted to delete domains that are added to the allowlist by other administrators.