Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Applies to: (tick) Kyvos Enterprise  (tick) Kyvos Cloud (SaaS on AWS) (tick) Kyvos AWS Marketplace

...

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#DEEBFF

Note

  • From Kyvos 2024.9 onwards, post deployment, you can choose to keep the secret information non-encrypted by selecting the None option, which keeps the values in plain text.

  • From Kyvos 2023.3 onwards, you can see the last operation details, including progress status and start time. To view more comprehensive details, simply click the View Details link, which will take you to the Operations page where you can view the operation information in detail. 

The Manage Credentials feature in Kyvos Manager enables you to:

...

  1. On the Kyvos Manager navigation pane, click Manage Credentials.

  2. Click Change repository password.

  3. On the displayed Encryption Algorithm dialog box, select the encryption from any of the following options.

    1. DEFAULT: MD5 encryption for Kyvos user login password and DES for saved passwords for other servicesAES_GCM: This mode operates by XOR'ing (eXclusive OR) each block with the previous block and cannot be written in parallel. Kyvos supports both 128 and 256 variants for this. This is the default option applied to all clusters at the time of deployment Kyvos version 2023.3 onwards.

    2. AES_CBC: In this mode, each ciphertext block is dependent on all plain text blocks processed up to that point. Kyvos supports both 128 and 256 variants for this.

    3. AES_CFB: This mode can be used as a stream cipher. First, it encrypts the IV, and then it will xor with the plain text block to get ciphertext. Then CFB encrypts the encryption result to xor the plain text. It needs an IV. Kyvos supports both 128 and 256 variants for this.

    4. AES_GCM: This mode operates by XOR'ing (eXclusive OR) each block with the previous block and cannot be written in parallel. Kyvos supports both 128 and 256 variants for this. This is the default option.

    5. None: Use this option to keep the secret values in plain text. In this case, no encryption will be applied to the secrets being saved in the Key Vault/Secrets Manager.

    6. DEFAULT: This is the MD5 encryption for Kyvos user login password and DES for saved passwords for other services for Kyvos clusters to support backward compatibility, in case the cluster was deployed on a version prior to version 2023.3.

  4. Provide Kyvos Manager Password to continue.

  5. Click the Save button to save your changes.

...

Kyvos Manager allows you to migrate your repository passwords (like SMTP, LDAP, Repository, OIDC, etc.) from the configuration file to a secrets manager like AWS Secrets Manager, Azure Key Vault, or GCP Secrets Manager.

...