Limitations of the proposed solution
- A locked vault cannot be deleted by an administrator if the vault is not empty.
- Its ACLs cannot be changed.
- It cannot be renamed.
- It cannot have proxy settings that are enabled.
- Multiple keys for a single account are not supported.
- No mechanism exists to recover lost keys.
- All locked vault creation must be performed via the Manager REST API, not the CSO API.
- External PKI is not supported.
- Users are not allowed to mirror existing locked vaults. However, they can create two mirrored locked vaults.
- A locked mirror cannot be deleted.
- The SSH key configuration from the administration page should be disabled because this option allows centralized management of SSH keys across all devices in the system.