Limitations of the proposed solution

  • A locked vault cannot be deleted by an administrator if the vault is not empty.
  • Its ACLs cannot be changed.
  • It cannot be renamed.
  • It cannot have proxy settings that are enabled.
  • Multiple keys for a single account are not supported.
  • No mechanism exists to recover lost keys.
  • All locked vault creation must be performed via the Manager REST API, not the CSO API.
  • External PKI is not supported.
  • Users are not allowed to mirror existing locked vaults. However, they can create two mirrored locked vaults.
  • A locked mirror cannot be deleted.
  • The SSH key configuration from the administration page should be disabled because this option allows centralized management of SSH keys across all devices in the system.