Supported algorithmsAccess control
  • Organizational Roles and Access Levels
  • Key-Specific Permissions
  • Protection Options
  • Multi-Organization Management
  • Key Management Features
  • User and Permission Management
  • Comprehensive Audit Logging
  • Why RBAC Matters

Understanding Role-Based Access Control (RBAC) and Policy

Goodkey uses a sophisticated RBAC model combined with multiple protection backends to ensure enterprise-level security for your cryptographic assets. This model controls access at both the organization and key levels, providing granular permissions to fit diverse operational needs.

Organizational Roles and Access Levels

Goodkey defines three main roles within an organization:

  • Admin

    Has complete control over the organization, including member management and role assignments.

  • Security Officer

    Manages cryptographic assets and operations, with the ability to view key operation logs and enforce security policies.

  • Member

    Holds basic access to organizational information and member details but does not manage security settings.

Key-Specific Permissions

Each cryptographic key in Goodkey has its own permission structure, allowing you to separate responsibilities and minimize security risk:

  • Owner

    Has full control over a key’s settings and its assigned roles. Ownership can belong to a specific user or to the organization itself. If owned by the organization, the

    Security Officer

    or Admin can exercise owner privileges.

  • Approver

    Authorizes sensitive key operations (e.g., signing critical code or decrypting highly confidential files). This role provides crucial checks and balances in your security workflow.

  • Auditor

    Can view key operation logs to ensure compliance and quickly detect any suspicious activities.

  • Operator

    Executes cryptographic operations—like signing or encrypting data—without the authority to approve or modify key settings. This maintains a separation of duties.

Protection Options

Goodkey offers multiple backends and security features to protect your keys:

  • Software KMS Solution

    Provides an extensive set of cryptographic algorithms and operational modes for flexible use cases.

  • FIPS 140-3 HSM Backend

    Integrates Hardware Security Modules (HSMs) certified to FIPS 140-3 standards for regulated or high-security environments. Cryptographically verifiable attestations prove the security properties of these keys (e.g., non-exportability, lifecycle state).

  • Quorum Controls

    Require multiple parties (e.g., multiple Approvers) to authorize critical actions, like finalizing code releases.

Multi-Organization Management

Goodkey allows you to create multiple organizations within a single account:

  • Environment Separation

    Keep production, testing, and development environments isolated to reduce risk and manage keys independently.

  • Team and Division Segmentation

    Maintain separate organizations for different business units, ensuring only relevant users have access to each organization’s keys.

  • Easy Switching

    Navigate between organizations in the Goodkey interface without logging in and out repeatedly.

  • Distinct Key Sets

    Each organization can have its own set of keys and unique access policies.

Key Management Features

  • Lifecycle Management

    Create, activate, deactivate, and manage keys according to operational needs.

  • Ownership Control

    Each key has a designated owner who manages its settings and user permissions.

User and Permission Management

  • Centralized Access Control

    Goodkey provides a unified interface for overseeing all users and their permissions across your organizations.

  • Granular Role Assignment

    Assign specific roles at both the organization and key levels, ensuring each user has exactly the access they need.

  • User Lifecycle Management

    Quickly invite new users by email and manage their permissions as roles evolve over time.

  • Role Modification

    Update user roles and privileges in real-time, ensuring your security posture adapts to changing team responsibilities.

Comprehensive Audit Logging

Goodkey captures thorough audit logs to help detect anomalies, maintain compliance, and streamline forensic analysis:

  • Audit Data

    • User identification:

      email, device info

    • Location & IP address

    • Timestamps & operation types

    • Cryptographic details

      : policy in effect at operation time, algorithm used, and data being signed/encrypted

  • Operational Logs

    Track key usage and activity, including creation, rotation, or deactivation events.

  • Policy Logs

    Document every change to roles, permissions, and security policies to ensure accountability and transparency.

Why RBAC Matters

By assigning roles and enforcing policies at both the organizational and key level, Goodkey enables you to:

  • Minimize Risk

    : Separate duties and reduce the chance of a single point of failure or abuse.

  • Maintain Compliance

    : Prove adherence to internal and external regulations through detailed logging and policy management.

  • Streamline Collaboration

    : Safely delegate tasks to specific team members while retaining oversight of critical operations.

Goodkey’s RBAC model and flexible backends give you a robust, scalable way to manage cryptographic keys, ensuring the right people have the right access—while minimizing the risk of unauthorized use.