Manage CloudLink Vault

This chapter provides information about CloudLink Vault and managing it.

CloudLink Center includes an encrypted container, referred to as the CloudLink Vault that encrypts and protects:

  • Credentials used to access remote resources

    For example, CloudLink Vault stores credentials that are required to access the Microsoft Windows domain, FTP or SFTP servers, and external keystores.

  • Device or volume key encryption key (VKEK), if CloudLink Vault is used as the keystore.

    For more information about using CloudLink Vault as the keystore, see CloudLink encryption key location and protector options.

When a CloudLink Center server restarts, it must unlock CloudLink Vault before CloudLink Center can authorize machine operations, ensuring that a stolen copy of CloudLink Vault or the disk on which it is stored does not contain any unprotected secrets or encryption keys.

CloudLink Vault was configured during initial server setup. For more information, see Dell EMC CloudLink 7.0 Deployment Guide. You can view and change the configuration at any time to:

  • Change the mode for opening the CloudLink Vault (automatic or manual).
  • Change passcodes used to unlock the CloudLink Vault in manual mode.

For information about CloudLink Vault and CloudLink Center clusters, see Create and manage CloudLink Center cluster.