Secure, Rapid Database Authentication

4ad96eeb 849c 46ce a7a8 de1991d45967 uc 1

Solution Overview

Scytale Enterprise, an industry-first service identity platform, enables rapid and secure authentication with popular databases such as MySQL and PostgreSQL. The solution allows organizations to use Scytale Enterprise-issued identities (X.509 certificates) to directly authenticate to databases using their standard, built-in PKI authentication. Scytale Enterprise also doesn't require a secret store, relying instead on short-lived asymmetric keys, and encrypts all traffic to the database so it's secure even if your network is compromised.

How it works

  • B4250944 f29d 4d26 a9fe 451c01bae163 certificate multi
    Scytale Enterprise Issues cryptographic, strongly attested, service identity based upon an open standard (SPIFFE)

    Scytale Enterprise orchestrates a real-time, zero-trust attestation process that can lean on a configurable union of trusted third parties to provide a strongly attested identity (X.509 certificate), based on SPIFFE open standard (backed by the Cloud Native Computing Foundation). Service identity is thus conferred by a detailed set of identifying attributes of the service looking to authenticate to a database, rather than by the presence of a password, service ticket or an IP address. In addition, Scytale Enterprise service identities are based on automatically provisioned, short-lived asymmetric keys. These are more resilient in distributed systems and are not subject to replay attacks.

  • 7fa871e9 34c4 4ac1 98f0 9971f01aa149 certificate single
    Scytale Enterprise periodically updates the database server’s certificate and CA bundle

    As newly minted identities are periodically renewed, Scytale Enterprise updates the relevant database server’s certificate and CA bundle with identities (certificates).

  • E5de1bd5 7b40 44da bfb5 be099eeae141 encription
    Scytale Enterprise Enables PKI based authentication between databases and services

    The database uses a Scytale Enterprise issued certificate to establish mTLS with services. Depending on the databases the process of fetching the certificate might vary. For example in MySQL, a user account can be configured to require that any client wishing to access it connect using an mTLS connection with a specific x509 subject line. Scytale Enterprise allows a workload to be configured to place a value in the Common Name section of the subject line, thus enabling only strongly authenticated services to use the MySQL account.


  • A5495096 573c 4aa2 819e d6ba4a8f1788 secure db

    Secure access to databases

  • 4caa3044 4dcd 4862 a792 4ff2938fb983 doublecloud alt

    Scale authentication policies across platforms

  • Decd8d6d ec49 423b 8bdd cbebb16acbd8 programming search browser alt

    Easily meet compliance needs

  • C5376f40 d240 49e0 b1a9 f011de31da92 complexity

    Reduce operational complexity in a hybrid environment

View more use cases

2020 Copyright Scytale Inc