Secretless authentication into public cloud providers

D31949a5 63a9 483c ba97 8a52c5b606bd uc 2

Solution Overview:

Scytale Enterprise, an industry-first service identity platform, enables secure and rapid authentication with public cloud providers such as Amazon Web Services (AWS). The solution allows organizations to use Scytale Enterprise-issued identities (X.509 certificates) to directly authenticate to public cloud providers using OpenID Connect (OIDC) federation. The solution allows you to federate trust across multiple cloud providers and technology platforms without the need to generate or manage secrets.

How does it work?

  • E5de1bd5 7b40 44da bfb5 be099eeae141 encription
    Scytale Enterprise Issues cryptographic, strongly attested, identity-based upon an open standard (SPIFFE) to the web-service

    Scytale Enterprise orchestrates a real-time, zero-trust attestation process that can lean on a configurable union of trusted third parties to provide a strongly attested identity (X.509 certificate), based on SPIFFE open standard (backed by the Cloud Native Computing Foundation). Service identity is thus conferred by a detailed set of identifying attributes of the service looking to authenticate (in this case the Web Service) to a cloud provider resource, rather than by the presence of a password, service ticket or an IP address. In addition, Scytale Enterprise service identities are based on automatically provisioned, short-lived asymmetric keys. These are more resilient in distributed systems and are not subject to replay attacks. 

  • Scytale%2fb507a0d8 61de 47fe 803e ab3b89b3e96e process
    The Web Service accesses the AWS S3 bucket using Scytale Enterprise JWT-based service identity

    The Web Service uses its newly minted identity to request access through AWS S3 API.   AWS validates the identity of the Web Service by using Scytale Enterprise provided public keys. Once verified, provided that AWS IAM can confirm that the requested role is allowed, an STS token for the role is provided to the AWS SDK client (this is invisible to the programmer), and the Web Service is able to access the S3 bucket without the need to keep or manage any AWS secrets.


  • C5376f40 d240 49e0 b1a9 f011de31da92 complexity

    Reduce operational complexity in a hybrid environment

  • A5495096 573c 4aa2 819e d6ba4a8f1788 secure db

    Secure access to public cloud-based resources

  • Scytale%2f748105e5 8ccd 4a7f a0fe d452959ce901 performance

    Scale authentication policies across the platforms

  • Scytale%2f3b893a4d 932f 4770 8235 588fbc7d908e cloud ok

    Easily meet compliance needs

View more use cases

2020 Copyright Scytale Inc