Platform Identity and Access Management
Understand how users, machine identities, roles, and permissions are managed.
Hanzo KMS uses identity-based access control to govern how users and systems interact with secrets, certificates, infrastructure, and other resources on the platform.
There are two types of identities:
- User identities: Represent individuals, such as developers or administrators, who typically access the platform via a browser.
- Machine identities: Represent systems such as CI pipelines or applications that programmatically interact with the platform.
Each identity is granted access based on its assigned roles and permissions and must authenticate with the platform in order to access any resources.
To learn more, refer to the identities documentation.
Roles and Access
Hanzo KMS provides a robust and flexible access control system. The primary authorization mechanism is role-based access control (RBAC), where identities are assigned roles at two access control levels:
- Organization-level access control: Control billing, member management, and platform-wide settings
- Project-level access control: Control access to specific product resources like secrets, SSH hosts, or certificates
Beyond RBAC, Hanzo KMS also supports additional project-level permissioning features, including attribute-based access control (ABAC), temporary access grants, and additional privileges for select project types.
To learn more, refer to the access control documentation.