This document provides information on integrating BeyondTrust Password Safe with CryptoHub through the Futurex PKCS #11 library.

About BeyondTrust, the company

BeyondTrust is a global cybersecurity company specializing in Privileged Access Management (PAM), identity security, and vulnerability management. Their solutions help organizations protect sensitive assets by controlling, monitoring, and securing privileged accounts and access pathways across hybrid and multi-cloud environments. Their mission, from the company website, is: “BeyondTrust fights every day to secure identities, intelligently remediate threats, and deliver dynamic access to empower and protect organizations around the world. Our vision is a world where all identities and access are protected from cyber threats. Our innovative approach goes beyond just PAM to find, manage, and protect the Paths to Privilege™.”

About BeyondInsight, the platform

To learn more about BeyondInsight, visit the BeyondInsight information page. BeyondInsight is BeyondTrust’s unified management, reporting, and analytics platform that serves as the centralized foundation for multiple BeyondTrust products. It provides a single console for configuration, event monitoring, vulnerability assessment, data analytics, and policy management. BeyondInsight consolidates information across the environment by performing key security and operational functions, including:
  • Discover Infrastructure
  • Profile Configuration
  • Detect Admin Needs
  • Manage Access
  • Reveal Risks
  • Analyze Threats
Through these capabilities, administrators can streamline workflows, enforce consistent security policies, and gain deep visibility into privileged risks across enterprise systems.

About BeyondTrust’s Password Safe product

Password Safe is BeyondTrust’s enterprise-grade privileged credential and session management solution that automates the discovery, storage, rotation, and auditing of privileged credentials. Designed to eliminate static and over-privileged accounts, Password Safe securely vaults passwords, SSH keys, API keys, and service accounts while enforcing time-limited, just-in-time access to critical systems. It integrates session recording, adaptive access workflows, automated policy-based rotation, and threat analytics to prevent unauthorized use of high-risk accounts. To learn more about the Password Safe product, visit the Password Safe information page.

What is CryptoHub?

CryptoHub is the most flexible and versatile cryptographic platform in the industry. It combines every cryptographic function within our extensive solution suite. You can operate CryptoHub within a simple web dashboard to deploy virtual cryptographic modules, fulfilling most use cases.

Using CryptoHub with Password Safe

Password Safe can integrate with HSMs to secure the encryption keys used for storing privileged credentials. The CryptoHub platform assumes full responsibility for key management as well as the encryption and decryption operations, ensuring that sensitive credential data is never exposed in plaintext. Password Safe communicates with CryptoHub using the industry-standard PKCS#11 interface. Through the Futurex-provided PKCS#11 drivers, Password Safe can securely route all cryptographic operations to the CryptoHub platform. This architecture ensures that all key operations occur within a FIPS 140-2 Level 3-validated HSM, allowing organizations to comply with strict regulatory standards and maintain strong assurance that privileged credentials are securely protected. By offloading cryptography to CryptoHub, Password Safe reduces the risk of key exposure while maintaining full functionality for automated credential management, rotation, and auditing. To learn more about how hardware security modules (HSMs) integrate with the Password Safe product, visit BeyondTrust’s HSM integration documentation page.