Enterprise-Level Digital Certificate and Cryptographic Key Management with ArangoDB
"Due to strict terms and conditions of the non-disclosure agreement, we are not at liberty to reveal information about the company. We thank you for understanding and hope that you will still find this use case interesting. We would like to express special gratitude to Kurt K. for agreeing and taking the time to write this use case."
by Kurt K., A Fortune 100 company
Digital certificate and cryptographic key management needs are complex. In addressing this situation, our goal was to create a system that allowed for:
- Extremely complex data
- Secure storage and delivery
- Secure, multi-tier access
- Massive scalability
- Robust recoverability
- Real-time data
- Effectively zero downtime
- Many, many thousands of cryptographic keys and digital certificates
To accomplish this, we had to account for different cryptographic needs (key rotation, key generation, key registration, certificate rotation, etc.) across many distinctly separate use cases, while handling existing pockets of group knowledge, while meeting internal and external audit/regulatory requirements. In addition, we had a need to map relationships between data to an arbitrary depth. Needless to say, all of this had to be blazing fast.
Users and administrators needed the ability to submit and process requests, check system health, and retrieve required information at any time, in widely varying use cases. Very quickly it became clear a NoSQL database was required that was both a document database and a graph database.
The problem with existing key and certificate management solutions is their rigidity and relatively narrow scope. We needed flexibility to handle complex application and user needs on the fly, manage arbitrary key and encryption requirements, create associations between data, and create infinitely configurable and customizable workflows. AQL has given us the ability to create what would otherwise be unthinkably complicated requests with relative ease.
Leveraging existing cryptographic infrastructure, we used ArangoDB as the Source of Truth for associating certificates and key IDs with applications, servers, services, users, and use cases. Using custom web interface code, ArangoDB provides the support for the Registration Authority and Key/Certificate Management Authority in determining access rights and providing proactive notifications of renewals, expirations, and rotations to interdependent users, servers, and services.
Clustering gave us the ability to easily spin up a robust, fault-tolerant data store, giving us the ability to handle multi-dimensional, complex data. ArangoDB has enabled us to create a single interface point to handle any number of enterprise cryptographic needs, in addition to reducing tedious, time-consuming tasks, handled by countless users and application owners, into a centralized, highly robust enterprise service.
Importance of key characteristics of ArangoDB
|Factor||not important||important||very important|
|Feature set||not important||important||very important|
|AQL / JOINs||x|
Big thanks to Kurt K. for investing time to write this use case!
If you have any questions regarding this use case, feel free to contact us mentioning the use case title in your message. We will forward your questions to the author.