Capability guide

Secrets brokering

Users authenticate as themselves. Targets never see them. Ixiea retrieves credentials from your vault at connect time, injects them in the brokered session, and ensures operators never copy standing passwords.

See the platform See how it works

VaultAWS SMBuilt-in

Operator

IdP identity

Named user

Gateway

Retrieve · inject

At handshake

Target

SSH · RDP · DB

Sees broker

Vault pull

Connect-time fetch

Asset account

No checkout

Not in UI or history

Session-scoped use

Brokered · not copied

Disconnect ends credential use

Credentials injected at connect time. Operators never hold standing secrets.

Brokered credential model

The operator proves identity to Ixiea. The gateway retrieves the target credential from HashiCorp Vault, AWS Secrets Manager, or the built-in vault — injects it during protocol handshake — and never exposes it in the client UI or shell history. Disconnect ends the credential's use for that session.

Operator (IdP identity)

Ixiea gateway

Retrieve · inject at handshake · never expose in UI

Vault

AWS SM

Built-in

Target session (broker principal)

Disconnect ends credential use for that session

Password checkout

P@ssw0rd!copied → shell history

Audit: who copied at 2am

Secrets brokering

Secret stays in gateway — operator never holds it

Audit: who opened session · what ran

Different from password checkout

Checkout workflows give humans copyable secrets. Brokering keeps secrets in the gateway boundary. Audit shows who opened a session and what they did — not merely who copied a password at 2am.

Rotation and lifecycle

Pair brokering with vault rotation policies so injected credentials are always current. When a credential rotates, the next session picks up the new value — no manual kubeconfig or SSH key distribution. Account discovery and push patterns can feed the vault without operators in the loop.

Rotation policy

auto

Vault current

k8s-prod / deploy-sa

Next brokered session

Injects new value — no manual kubeconfig or SSH key distribution

Emergency grant

TTL 1h

2 approvers

Recording on

Same brokering path

Time-boxed grant · full attribution · no wiki password

Break-glass without shared clipboards

Emergency access uses the same brokering path with shorter TTL, extra approvers, and mandatory recording. There is no shared break-glass password in a wiki — only a time-boxed grant with full attribution.

Operational docs

Ready to deploy? Continue in documentation

Related guides

Ready to evaluate?

See the platform on your architecture

Walk through gateway brokering, recording, and audit exports in a working session — or browse the illustrated product flow first.

Book a working session View all modules

Secrets brokering

Brokered credential model

Different from password checkout

Rotation and lifecycle

Break-glass without shared clipboards

Ready to deploy? Continue in documentation

Keep reading

Identity-bound policy

Just-in-time access

Account & credential automation

See the platform on your architecture