Your applications and development processes depend on a vast collection of services to store, retrieve, and generate credentials.
Aembit provides robust support for growing numbers of trust and credential providers, ensuring easy adoption and centralizing the source of truth for all workload and non-human access.
Credential providers (CPs) are systems that provide various types of access credentials, like OAuth tokens, API keys, or username and password pairs. The Aembit Cloud itself can function as a CP, or Aembit can integrate with your preferred third-party security token services or secrets management services.
Aembit automatically retrieves stored keys or credentials, or requests access tokens on behalf of client workloads, and injects them into the API call without requiring any code changes. These keys and credentials are hidden from your developers and applications. They can never be leaked.
Trust providers (TPs) are third-party systems or services that provide a secretless method for Aembit to authenticate client workloads.
Trust providers can attest to, or affirm, workload identities and provide information about the environment in which they operate with high reliability and trustworthiness. These providers, when queried, can provide a cryptographically signed instance identity document that includes information about the underlying compute instance (e.g., EC2 instance) on which the workload runs. Aembit can then use an instance identity document, or service account token, to validate the instance’s attributes and use them to issue an appropriate access credential.
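The order of checks described above (verify the trust provider's signature, then evaluate the attested attributes) can be sketched as follows. This is an added illustration, not Aembit's code: the document fields, the `Policy` type, and the use of Ed25519 in place of a real provider's signature scheme are all assumptions, and the key and document are constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// IdentityDoc is a constructed stand-in for a trust provider's identity document.
type IdentityDoc struct {
	AccountID string `json:"accountId"`
	Region    string `json:"region"`
}

// Policy lists the attributes a workload must present (hypothetical type).
type Policy struct{ AccountID, Region string }

// Attest parses attributes only from bytes whose signature has been verified.
func Attest(pub ed25519.PublicKey, raw, sig []byte, p Policy) (IdentityDoc, error) {
	var doc IdentityDoc
	if !ed25519.Verify(pub, raw, sig) {
		return doc, errors.New("signature invalid: not issued by the trust provider")
	}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return IdentityDoc{}, err
	}
	if doc.AccountID != p.AccountID || doc.Region != p.Region {
		return IdentityDoc{}, errors.New("attributes do not match access policy")
	}
	return doc, nil
}

// Demo signs a constructed document, then tries a tampered copy and a stricter policy.
func Demo() (okErr, tamperErr, policyErr error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed trust provider key
	raw := []byte(`{"accountId":"111122223333","region":"us-east-1"}`)
	sig := ed25519.Sign(priv, raw)

	_, okErr = Attest(pub, raw, sig, Policy{"111122223333", "us-east-1"})
	// Edited attributes with the old signature: rejected before any policy check.
	tampered := []byte(`{"accountId":"999999999999","region":"us-east-1"}`)
	_, tamperErr = Attest(pub, tampered, sig, Policy{"999999999999", "us-east-1"})
	// Genuine document, but the workload runs outside the permitted region.
	_, policyErr = Attest(pub, raw, sig, Policy{"111122223333", "eu-west-1"})
	return
}

func main() { fmt.Println(Demo()) }
```

Only the first call would proceed to credential issuance; the other two fail closed with distinct errors that can be logged for detection.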
Trust providers may be either self-hosted or managed by cloud providers. Aembit supports the following TPs: