Secrets storage in Censhare Classic and Censhare Cloud
Introduction
Both, Censhare Cloud and Censhare Classic integrate the Secrets storage functionality. Different are the level of flexibility, management options, or kind of provided secrets storage.
The Censhare Classic system provides a high flexibility how the various Secrets storage options can be configured and managed. On the other side, everything must be setup and managed by Partner IT/Customer IT themselves. This carries weight especially when it comes to use a vault system.
The Censhare Cloud offering provides a managed vault system that is completely handled by Censhare IT. Censhare Server is setup to use the vault system as Secrets storage. Credentials for Censhare-Server-related services are managed via vault system. Other credentials are managed by Partner IT/Customer IT via Censhare Admin Client.
For a general introduction into secrets storage with Censhare Server, see Understand secrets storage.
Secrets storage compared at a glance
Censhare Classic | Censhare Cloud |
|---|---|
No Secrets storage configured (ready to setup) | Managed vault system (ready to use) |
High flexibility (partner/customer choice) | Less flexibility (managed system) |
Comparison between Censhare Cloud and Censhare Classic
Censhare Cloud | Censhare Classic | |
|---|---|---|
Management of the connected vault system | No. The central vault system in Censhare Cloud is run by Censhare IT. | Yes. By Customer IT/Partner IT |
Setup of the partition for the Censhare Server in the vault system | Censhare IT | Customer IT/Partner IT |
Selection of the credentials store | No. This is completely managed by Censhare IT. | Yes. You can decide to use a vault system, Secrets, XML configuration files, or a combination of it. |
Setup and use of Secrets file | No. It is fixed which services use the vault system and which are managed via Censhare Admin Client. | Yes. Selected via configuration. |
Access to the credentials for the configured services | Partially. Only for credentials that are managed via the Censhare Admin Client | Yes. As you own the vault sytem respective the machine running Censhare Server, you can access and change as you desire. |
Level of Management in Censhare Classic
In Censhare Classic - On-premise, Partner IT/Customer IT has full control about all places that are related to the usage of a secret storage:
vault system
Secrets file configuration
Configuration of Secrets storage access
Censhare Admin Client
All components of secrets storage setup (green) are managed by Partner IT/Censhare IT.
For now, Censhare Classic - SaaS allows the same functionality and configuration as the On-Premise option. Note that this is subject to change without further notice!
Level of Management in Censhare Cloud
In Censhare Cloud, the setup and management of the Secrets storage is done by Censhare IT. The following parts are handled by Censhare IT:
Central managed vault system
Configuration of Secrets storage access for the central managed vault system
For following services in the Censhare Server, the credentials are managed in the central vault system:
database
S3 filesystem
mail
Keycloak
Also the services themselves are managed by Censhare IT.
Note that this list is subject to change without further notice!
All other services and their credentials are managed by Partner IT/Customer IT via the Censhare Admin Client respective the associated XML configuration files.
Not available in Censhare Cloud:
Secrets file
The green components of secrets storage setup are managed by Partner IT/Censhare IT. The red components of secrets storage setup are managed by Censhare IT. Also the Virtual Machine is managed by Censhare IT. The Censhare Server is running on that machine.