Interoperability

This page summarizes Keyfactor Command's interoperability across common formats, algorithms, enrollment protocols, HSMs, and relevant standards. It highlights what’s officially supported, what’s been validation-tested, and what is known to be compatible in customer environments. It isn’t an exhaustive list of every possible integration.

What Supported Means
  • Supported: Actively covered by product design and QA; eligible for standard support.

  • Validation-tested: Tested with specific versions or profiles; support is best-effort if you deviate.

  • Compatible: Known to work, but not in current test matrix; support limited to guidance.

Specifications

This section lists Keyfactor Command’s supported certificate formats and standards, algorithms and key types, and certificate enrollment protocols to help you verify compatibility and plan integrations.

Certificate Formats and Standards

Keyfactor Command supports the following formats and standards.

Table 1: Certificate Formats and Standards

Supported Standard | External Reference Documentation
X.509/PKIX: Certificate and CRL Profile | RFC 5280
PEM: Textual Encodings of PKIX, PKCS, and CMS Structures | RFC 7468
PKCS#10: Certification Request Syntax | RFC 2986
PKCS#7: Cryptographic Message Syntax | RFC 5652
PKCS#12: Personal Information Exchange Syntax | RFC 7292
Service Identity in TLS (RFC 9525, which obsoletes RFC 6125; see also RFC 2818) | RFC 2818, RFC 9525

Key Usage

Keyfactor Command supports the following key usages:

Table 2: Key Usages

Function | Description
None | No key usage parameters.
Encipherment Only | The key can be used for encryption only.
CRL Signing | The key can be used to sign a certificate revocation list (CRL).
Key Certificate Signing | The key can be used to sign certificates.
Key Agreement | The key can be used for key agreement, for example a key established using the Diffie-Hellman key agreement algorithm.
Data Encipherment | The key can be used for data encryption.
Key Encipherment | The key can be used for key encryption.
Nonrepudiation | The key can be used for authentication.
Digital Signature | The key can be used as a digital signature.

Extended Key Usages

The following table lists the extended key usages (EKUs) supported by Keyfactor Command. The CA column shows whether each EKU is supported by Microsoft CAs or included by default in EJBCA. EJBCA also allows the creation of custom, user-defined EKUs beyond those indicated here.

Tip:  Use the GET /Templates/ExtendedKeyUsages method (see GET Templates Extended Key Usages) to programmatically retrieve a list of all the EKUs defined in Keyfactor Command.
Category | CA | OID | Friendly Name | Typical Use
Common and Standard | Microsoft, EJBCA | 1.3.6.1.5.2.3.4 | Kerberos Client Authentication | PKINIT client
Common and Standard | Microsoft, EJBCA | 1.3.6.1.5.2.3.5 | Kerberos KDC | Domain controller (Kerberos)
Common and Standard | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.1 | Server Authentication | TLS/SSL server certificates
Common and Standard | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.2 | Client Authentication | TLS client/mutual authentication
Common and Standard | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.3 | Code Signing | Software signing, executables, scripts
Common and Standard | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.4 | Email Protection | S/MIME encryption and signing
Common and Standard | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.8 | Time Stamping | Timestamp Authority (TSA)
Common and Standard | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.9 | OCSP Signing | OCSP responder certificate
Common and Standard | Microsoft, EJBCA | 2.5.29.37.0 | Any Extended Key Usage | Universal (“any purpose”); rarely recommended
Document and PDF Signing | Microsoft, EJBCA | 1.2.840.113583.1.1.5 | PDF Signing | Adobe/Acrobat digital signatures
Document and PDF Signing | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.12 | Document Signing | Office and document signing
Document and PDF Signing | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.36 | RFC 9336 Document Signing | Modern generic document signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.1 | Microsoft Trust List Signing | CTL signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.10 | Qualified Subordination | Subordinate CA chaining
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.11 | Key Recovery | Key escrow/recovery agents
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.13 | Lifetime Signing | Long-term timestamping
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.19 | Revoked List Signer | Certificate revocation list (CRL) signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.2 | Microsoft Time Stamping | Microsoft timestamp service
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.20 | Windows Kit Component | Windows SDK component signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.21 | Windows RT Verification | RT build signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.22 | Protected Process Light Verification | Protected process signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.23 | Windows TCB Component | Trusted Computing Base signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.24 | Protected Process Verification | Secure process validation
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.25 | Third Party Application Component | Third-party application signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.26 | Software Extension Verification | Windows extension signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.27 | Preview Build Signing | Insider/pre-release Windows builds
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.30 | Disallowed List | Microsoft disallowed certificate list
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.37 | Isolated User Mode | IUM process signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.39 | Hardware Driver Extended Verification | Hardware driver extended validation
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.4 | Encrypted File System (EFS) | File encryption keys
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.4.1 | EFS Recovery | Recovery agent certs
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.42 | Enclave | SGX/Enclave attestation signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.5 | Windows Hardware Driver Verification | Kernel-mode driver signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.5.1 | Attested Hardware Driver Verification | WHQL attested drivers
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.6 | Windows System Component Verification | OS component signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.7 | OEM System Component Verification | OEM system components
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.8 | Embedded System Component Verification | Embedded OS components
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.3.9 | Root List Signer | Microsoft root list
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.5.1 | Digital Rights | DRM certificate
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.6.1 | Key Pack Licenses | License distribution
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.10.6.2 | License Server Verification | RDS licensing server certs
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.20.1 | CTL Usage | Certificate Trust List
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.2.1.21 | Individual Code Signing | Personal code signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.2.1.22 | Commercial Code Signing | Vendor code signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.20.2.1 | Enrollment Agent | Allows an authorized agent to enroll on behalf of another user/device (e.g., smart-card issuance workflows)
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.20.2.2 | Smart Card Logon | Windows domain smart-card logon
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.2.6.1 | SpcRelaxedPEMarkerCheck | Internal Microsoft signing use
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.2.6.2 | SpcEncryptedDigestRetryCount | Internal Microsoft signing use
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.21.5 | CA Key Exchange | Internal CA key exchange cert
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.21.6 | Key Recovery Agent | Used for EFS/archival key recovery agents
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.54.1.2 | Remote Desktop Authentication | RDP server certificates
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.60.3.1 | Auto Update CA Revocation | Root program update CA revocation
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.60.3.2 | Auto Update End Revocation | Root program end-entity revocation
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.60.3.3 | No OCSP Failover to CRL | Root program policy
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.61.1.1 | Kernel Mode Code Signing | Kernel-mode driver certs
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.61.4.1 | Early Launch Antimalware Driver | Boot-time AV driver signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.61.5.1 | HAL Extension | Hardware abstraction layer components
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.64.1.1 | DNS Server Trust | DNS server certificate trust
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.76.3.1 | Windows Store | Microsoft Store publisher certs
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.76.5.1 | Dynamic Code Generator | JIT or dynamic code signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.76.6.1 | Windows Update | Windows Update service signing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.76.8.1 | Microsoft Publisher | Office or Store publishing
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.80.1 | Document Encryption | RMS or document protection
Microsoft Enterprise and Application | Microsoft, EJBCA | 1.3.6.1.4.1.311.92.1.1 | Windows Hello Recovery Key Encryption | Hello recovery key management
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.13 | EAP over PPP | 802.1X authentication
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.14 | EAP over LAN (EAPOL) | 802.1X authentication on wired/wireless
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.15 | SCVP Server | Server for Simple Certificate Validation Protocol
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.16 | SCVP Client | SCVP client cert
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.17 | Internet Key Exchange for IPsec | IKE/IPsec VPN gateways
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.20 | SIP Domain | VoIP / SIP domain authentication
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.21 | SSH Client | Client certificate for SSH (RFC 8709)
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.22 | SSH Server | SSH host key certification (RFC 8709)
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.5 | IP Security End System | IPsec host certificates for end systems
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.6 | IP Security Tunnel Termination | IPsec gateways or tunnel endpoints
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.7.3.7 | IP Security User | IPsec users performing key exchange (IKE)
Network, VPN, and Secure Channel Use | Microsoft, EJBCA | 1.3.6.1.5.5.8.2.2 | IP Security IKE Intermediate | Intermediate cert used in IKE/IPsec authentication (RFC 4945)
Regulatory / Industry-Specific | Microsoft, EJBCA | 0.4.0.2231.3.0 | ETSI TSL Signing | EU Trusted List signing
Regulatory / Industry-Specific | Microsoft, EJBCA | 1.2.203.7064.1.1.369791.1 / .2 | CSN 369791 TLS client/server | Czech national standard (CSN)
Regulatory / Industry-Specific | Microsoft, EJBCA | 2.16.840.1.101.3.6.8 | PIV Card Authentication | U.S. federal PIV smart cards
Regulatory / Industry-Specific | Microsoft, EJBCA | 2.16.840.1.113741.1.2.3 | Intel AMT Management | Intel Active Management Technology
Regulatory / Industry-Specific | Microsoft, EJBCA | 2.23.136.1.1.3 | ICAO Master List Signing | ePassport trust list signing
Regulatory / Industry-Specific | Microsoft, EJBCA | 2.23.136.1.1.8 | ICAO Deviation List Signing | ePassport deviation list signing
TPM and Hardware Attestation | Microsoft, EJBCA | 2.23.133.8.1 | Endorsement Key Certificate | TPM hardware endorsement key
TPM and Hardware Attestation | Microsoft, EJBCA | 2.23.133.8.2 | Platform Certificate | Hardware platform binding certificate
TPM and Hardware Attestation | Microsoft, EJBCA | 2.23.133.8.3 | Attestation Identity Key Certificate | TPM attestation/AIK certificate
Algorithms and Key Types

Keyfactor Command supports the following algorithm types, key sizes, curves, and parameter sets.

Table 3: Algorithms and Key Types

Columns: Algorithm | Key Size / Curve / Parameter Set | Notes | External Reference Documentation

ECDSA
  Key Size / Curve / Parameter Set: ECDSA OIDs (not listed)
  Notes:
    • Supported as the primary key for enrollment.
    • Supported for CSR generation.
    • Supported for certificate import/synchronization.

EdDSA
  Key Size / Curve / Parameter Set:
    • Ed448: 1.3.101.113
    • Ed25519: 1.3.101.112
  Notes:
    • Supported as the primary key for enrollment.
    • Supported for CSR generation.
    • Supported for certificate import/synchronization.
  External Reference Documentation: RFC 8032, RFC 8410

ML-DSA
  Key Size / Curve / Parameter Set:
    • ML-DSA-44: 2.16.840.1.101.3.4.3.17
    • ML-DSA-65: 2.16.840.1.101.3.4.3.18
    • ML-DSA-87: 2.16.840.1.101.3.4.3.19
  Notes:
    • Supported as either the primary or secondary key (hybrid certificates) for enrollment.
    • An ML-DSA primary key cannot be used for a hybrid certificate (a certificate with both a primary and alternative key).
    • Supported for CSR generation.
    • Supported for certificate import/synchronization.
  External Reference Documentation: FIPS 204

RSA
  Key Size / Curve / Parameter Set:
    • OID: 1.2.840.113549.1.1.1
    • RSA key sizes: 1024, 2048, 3072, 4096, 6144, 8192, 16384
  Notes:
    • Supported as the primary key for enrollment.
    • Supported for CSR generation.
    • Supported for certificate import.
    • On certificate import/synchronization, other key sizes are accepted (e.g., 512).

SLH-DSA
  Key Size / Curve / Parameter Set:
    • SLH-DSA-SHA2-128f: 2.16.840.1.101.3.4.3.21
    • SLH-DSA-SHA2-128s: 2.16.840.1.101.3.4.3.20
    • SLH-DSA-SHA2-192f: 2.16.840.1.101.3.4.3.23
    • SLH-DSA-SHA2-192s: 2.16.840.1.101.3.4.3.22
    • SLH-DSA-SHA2-256f: 2.16.840.1.101.3.4.3.25
    • SLH-DSA-SHA2-256s: 2.16.840.1.101.3.4.3.24
    • SLH-DSA-SHAKE-128f: 2.16.840.1.101.3.4.3.27
    • SLH-DSA-SHAKE-128s: 2.16.840.1.101.3.4.3.26
    • SLH-DSA-SHAKE-192f: 2.16.840.1.101.3.4.3.29
    • SLH-DSA-SHAKE-192s: 2.16.840.1.101.3.4.3.28
    • SLH-DSA-SHAKE-256f: 2.16.840.1.101.3.4.3.31
    • SLH-DSA-SHAKE-256s: 2.16.840.1.101.3.4.3.30
  Notes:
    • Supported as either the primary or secondary key (hybrid certificates) for enrollment.
    • An SLH-DSA primary key cannot be used for a hybrid certificate (a certificate with both a primary and alternative key).
    • Supported for CSR generation.
    • Supported for certificate import/synchronization.
  External Reference Documentation: FIPS 205
Certificate Enrollment Protocols

For specific features supported in each protocol, see the detailed documentation.

Table 4: Certificate Enrollment Protocols

Columns: Protocol/Interface | Notes | External Reference Documentation

Automatic Certificate Management Environment (ACME)
  Notes:
    • Supports issuance, renewal, and revocation of certificates.
    • Compatible with a wide variety of ACME clients; tested with, and instructions provided for, Certbot and cert-manager.
    • Supports the well-known challenge types DNS-01 and HTTP-01.
  External Reference Documentation: RFC 8555; Keyfactor ACME Documentation

Simple Certificate Enrollment Protocol (SCEP)
  Notes:
    • Supports certificate enrollment.
    • Supports SCEP infrastructure certificate renewal.
  External Reference Documentation: SCEP draft 23; Keyfactor SCEP Documentation

Microsoft Active Directory AutoEnrollment Integration
  Notes:
    • Supports auto-enrollment for certificates.
    • The Keyfactor Cloud Gateway supports AD AutoEnrollment (see Cloud Gateway).
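The ACME row lists DNS-01 and HTTP-01 as the supported challenge types. What a CA such as the Keyfactor ACME endpoint validates in each case is derived purely from the account key and the challenge token, so an operator troubleshooting a failed challenge can recompute the expected value and compare it with what the client actually published. The following is an added example, not Keyfactor's ACME implementation: it computes the RFC 8555 key authorization (section 8.1), the HTTP-01 response body (section 8.3) and the DNS-01 TXT value (section 8.4) from a JWK using the RFC 7638 thumbprint, and shows the CA-side comparison. The account JWK and token are constructed placeholders, not real key material, and the function names are this example's own.

```python
# Added example, not Keyfactor's ACME code: how the two challenge types listed in
# Table 4 (HTTP-01 and DNS-01, RFC 8555 sections 8.3 and 8.4) derive the value a CA
# validates from the account key and the challenge token. ACCOUNT_JWK and TOKEN are
# constructed placeholders, not real key material.
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 8555 requires for every ACME encoding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only, lexicographically
    ordered, serialised with no whitespace. Extra members such as "kid" are ignored."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """token || '.' || base64url(thumbprint of the account key) (RFC 8555 section 8.1)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def http01_expected_body(token: str, account_jwk: dict) -> str:
    """Body the CA expects at http://<domain>/.well-known/acme-challenge/<token>."""
    return key_authorization(token, account_jwk)

def dns01_expected_txt(token: str, account_jwk: dict) -> str:
    """TXT value the CA expects at _acme-challenge.<domain>: base64url(SHA-256(key authorization))."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)

def validate_http01(token: str, account_jwk: dict, served_body: str) -> bool:
    """CA-side check: the body must equal the key authorization; RFC 8555 lets the
    server ignore whitespace after the end of the string, hence rstrip()."""
    return served_body.rstrip() == http01_expected_body(token, account_jwk)

def validate_dns01(token: str, account_jwk: dict, txt_records) -> bool:
    """CA-side check: at least one TXT record must equal the expected digest."""
    return dns01_expected_txt(token, account_jwk) in txt_records

# Constructed sample account key and token (placeholders; "n" is not a real modulus).
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "placeholder-modulus-not-a-real-key", "kid": "acct-1"}
TOKEN = "constructed-token-Gj3Xk9Zq2"
```

Because the HTTP-01 body and the DNS-01 TXT value are both deterministic functions of the token and the account key, recomputing them with this code and comparing against what is actually served (with `curl` or `dig`) isolates whether a failed validation is a publishing problem on the client side or a key mismatch (for example, a renewed account key used with a stale challenge).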
Privileged Access Management and Hardware Security Modules

Keyfactor Command is vendor-neutral and interoperates with a wide range of PAM (Privileged Access Management) solutions and HSMs through standards-based interfaces. The solutions and models listed below have been explicitly tested and validated by Keyfactor.

Table 5: Privileged Access Management and Hardware Security Modules

Vendor/Model | Use Cases | Documentation
Fortanix Data Security Manager (DSM) | Application-level encryption of Keyfactor Command secrets. | Fortanix HSM
Keyfactor Command Local | Used to secure credentials for, among others: certificate authorities, certificate stores, identity providers, SMTP, and workflow. | Privileged Access Management (PAM)
CyberArk Credential Provider | Used to secure credentials for, among others: certificate authorities, certificate stores, identity providers, SMTP, and workflow. |
Delinea Secret Server (formerly Thycotic) | Used to secure credentials for, among others: certificate authorities, certificate stores, identity providers, SMTP, and workflow. |
HashiCorp Vault | Used to secure credentials for, among others: certificate authorities, certificate stores, identity providers, SMTP, and workflow. |
Google Cloud Secret Manager | Used to secure credentials for, among others: certificate authorities, certificate stores, identity providers, SMTP, and workflow. |