Identities

An identity in CryptVault can be anything that should have one or more of the following capabilities

• Be able to create or read secrets
• Manage other identities
• Be able to manage the Vault

Typically you will create identities for

• Server applications (services, database, microservices, FaaS,…)
• CI/CD pipelines
• as a team key in CryptVault and anything else that needs access to CryptVault content.

An important part of identities are their rights.

An identity that is allowed to create other identities can only give them the maximum rights that the identity itself has.

An example to show how identities create new identities and how permissions are dominated by its parent identity: