Key Manager Plus

Centralise and automate certificate and cryptographic key lifecycle

Organisations face certificate expiry incidents, scattered SSH and PGP keys, and manual renewal processes that increase operational risk and workload. Frequent short-lived certificates and mixed on-prem/cloud estates make keeping an accurate inventory and timely renewals difficult.

Key Manager Plus provides a single control plane for discovery, lifecycle automation, access control and auditing of certificates and keys. It automates discovery and renewal, stores keys in a vault, integrates with CAs and exposes APIs so teams can reduce manual effort and improve visibility.

Where Key Manager Plus is used

Automate discovery and renewal to remove manual expiry alerts and reduce service outages; schedule scans across servers, directories and stores to build a central inventory.

Manage SSH and PGP keys from a vault, generate audit reports, and use CA integrations and REST APIs to automate issuance and deployment across applications and infrastructure.

Fits within these solutions

Encryption & Key Management

Password Management

Delivery & deployment

On-Premises Software

Suitable environments

Fits mid-sized and large organisations with extensive on-prem server and network estates, centralised IT/security teams, hybrid cloud environments and regulated sectors; also useful to managed service providers who handle multiple client estates.

Benefits

Less manual work

Automation cuts routine certificate and key tasks and reduces operational load.

Lower expiry risk

Automated renewals and rotation reduce outages caused by expired certificates.

Faster provisioning

Integrations and workflows speed certificate issuance and deployment.

Better visibility

A central inventory and audit logs make it easier to track keys and certificates.

Vulnerability checks

Proactive TLS vulnerability scans help identify exposures such as Heartbleed or POODLE.

Hybrid estate fit

Works across on-prem and cloud components and supports mixed infrastructure discovery.

Capabilities

Automated discovery

Periodic scans discover SSL/TLS certificates, keys and certificate stores across servers, directories and devices.

Lifecycle management

Centralises storage and lifecycle records for encryption keys, certificates and SSH/PGP keys.

Automated renewal

Automates certificate renewal and key rotation to remove manual intervention and reduce expiry risk.

Access control & audit

Enforces access controls and records audit trails for key and certificate operations.

CA integrations

Integrates with public and private CAs (e.g. Let's Encrypt, DigiCert, MSCA) and supports private CA usage.

SSH & PGP keys

Creates, deploys, recycles and reports on SSH and PGP keys from a central vault.

APIs & automation

Provides RESTful APIs to let applications create, fetch and manage certificates and keys programmatically.

Applications

Avoid expiry outages

Use automated discovery and renewal to prevent service disruption from expired certificates in production services.

Automate Let's Encrypt

Integrate with Let's Encrypt and other CAs to automate short‑lived certificate issuance and renewal.

SSH key centralisation

Manage SSH keys across large on‑prem server fleets and MSP client estates from a single vault.

ITSM & MDM integration

Connect certificate lifecycle events to ITSM or MDM tools to reduce manual tickets and track changes.

Machine identity security

Store and rotate PGP and other machine keys to reduce key sprawl in automated systems.

API-driven automation

Expose REST APIs so applications and automation pipelines can request and retrieve certificates programmatically.