Secure Customer Business Logic with Customized Scripting using Lua
It is common for a customer's requirements to involve executing a custom set of cryptographic operations tied to specific business logic. To give customers this extra flexibility, Fortanix Data Security Manager (DSM) offers "plugins" that allow users to run custom code securely inside enclaves and make use of their security objects.
All code executes within a secure enclave running inside the security boundary of a FIPS 140-2 Level 3 certified HSM.
Role-based access controls (RBAC)
Plugins and their actions are governed by the same RBAC framework used by all Fortanix users.
REST API driven
Like all Fortanix capabilities, plugins can be invoked using REST APIs. Additionally, plugins can also make outbound calls using REST APIs.
Customers can write plugins themselves and load them into the Key Management System (KMS). Plugins are written in Lua, an easy-to-learn open-source scripting language. Run test tools for debugging before putting plugins into production.
The Plugin Library (PL) is a feature of Fortanix DSM that allows users to view and share frequently used plugins from a common place. DSM users can create local copies of the library plugins they intend to use and access new plugins when Fortanix updates the repository.
Securely run sensitive business logic
Plugins are a powerful system allowing users and/or applications to securely run sensitive business logic inside the Fortanix HSM.
Business workflow orchestration
Integrate your business workflows with the DSM platform using plugins. For example, create a ticket in ServiceNow or create a certificate sign-in request.
Create custom access control policies
Impose custom, arbitrarily complex access control policies on keys in the KMS.
Integrate with existing policies
Customize your new Fortanix KMS to support existing policies and procedures, minimizing operational and application changes.