Scytale Enterprise, an industry-first service identity platform, enables rapid and secure authentication with popular databases such as MySQL and PostgreSQL. The solution allows organizations to use Scytale Enterprise-issued identities (X.509 certificates) to directly authenticate to databases using their standard, built-in PKI authentication. Scytale Enterprise also doesn't require a secret store, relying instead on short-lived asymmetric keys, and encrypts all traffic to the database so it's secure even if your network is compromised.
Scytale Enterprise orchestrates a real-time, zero-trust attestation process that can lean on a configurable union of trusted third parties to provide a strongly attested identity (X.509 certificate), based on the SPIFFE open standard (backed by the Cloud Native Computing Foundation). Service identity is thus conferred by a detailed set of identifying attributes of the service looking to authenticate to a database, rather than by the presence of a password, service ticket or an IP address. In addition, Scytale Enterprise service identities are based on automatically provisioned, short-lived asymmetric keys. These are more resilient in distributed systems and are not subject to replay attacks.
As newly minted identities are periodically renewed, Scytale Enterprise updates the relevant database server's certificate and CA bundle with the renewed identities (certificates).
The database uses a Scytale Enterprise-issued certificate to establish mTLS with services. Depending on the database, the process of fetching the certificate might vary. For example, in MySQL, a user account can be configured to require that any client wishing to access it connect over an mTLS connection with a specific X.509 subject line. Scytale Enterprise allows a workload to be configured to place a value in the Common Name section of the subject line, thus enabling only strongly authenticated services to use the MySQL account.
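The MySQL account restriction described above, as an added example that is not Scytale's own configuration: it contrasts an account that accepts any certificate from the trusted CA bundle with one pinned to a subject, then audits for accounts that are not pinned. The account names, the `billing` database and the Common Name values are hypothetical.

```sql
-- Added example (MySQL 8.0 syntax). Hypothetical names: accounts 'billing_ro'
-- and 'billing_svc', database 'billing', Common Names 'billing-service' and
-- 'billing-reader'.

-- Weaker form: any client certificate that chains to the server's CA bundle
-- is accepted, so every workload holding an issued identity can use the account.
CREATE USER 'billing_ro'@'%' REQUIRE X509;

-- Pinned form: the client certificate must also carry this exact subject.
-- REQUIRE SUBJECT compares the whole subject string, so if the issued
-- certificate has more fields than CN (O, C, ...), list them all here.
CREATE USER 'billing_svc'@'%' REQUIRE SUBJECT '/CN=billing-service';
GRANT SELECT, INSERT, UPDATE ON billing.* TO 'billing_svc'@'%';

-- Tighten the existing weak account in place.
ALTER USER 'billing_ro'@'%' REQUIRE SUBJECT '/CN=billing-reader';

-- Audit: list accounts that do not pin a subject.
-- ssl_type is '' (no TLS requirement), 'ANY' (REQUIRE SSL), 'X509'
-- (REQUIRE X509) or 'SPECIFIED' (REQUIRE SUBJECT / ISSUER / CIPHER).
SELECT user,
       host,
       ssl_type,
       CONVERT(x509_subject USING utf8mb4) AS required_subject
FROM mysql.user
WHERE ssl_type <> 'SPECIFIED'
   OR x509_subject = ''
ORDER BY user, host;

-- From a client session: a non-empty value confirms the connection is on TLS.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```

The audit query also returns MySQL's built-in accounts, which can be filtered out once reviewed.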
Secure access to databases
Scale authentication policies across platforms
Easily meet compliance needs
Reduce operational complexity in a hybrid environment