System Components
Overview
AnkaSecure is designed with a modular architecture, ensuring scalability, security, and flexibility for cryptographic operations across various deployment models (SaaS, On-Premise, Hybrid). This section outlines the core components of the AnkaSecure platform.
Architecture Diagram
flowchart TD
subgraph A[" "]
C["AnkaSecure API"]
end
subgraph F["Storage & Security"]
G["Key Store"]
I["Audit Logs"]
end
%% Customer Applications and CLI
B["Customer Applications"] --- K["AnkaSecure CLI"]
B -- "REST API Calls" --> C
K -- "REST API Calls" --> C
%% New node: AnkaSecure SDK
S["AnkaSecure SDK"]
B -- "Invokes SDK" --> S
S -- "REST API Calls" --> C
%% API endpoint connections
C -- "Key Management & Crypto Ops" --> G
C -- "Tracks API usage & security events" --> J["Monitoring System<br/>(Dynatrace, Datadog,<br/>Grafana, etc)"]
G -- "Stores encryption keys" --> H["HSM / Secure Vault<br/>(AWS KMS, Azure Vault,<br/>HashiCorp Vault, etc)"]
%% Database
D["Database"]
C --> D
%% Audit Logs and Event Correlation
C -- "Logging & Compliance" --> I
I -- "Feeds correlation systems" --> L["Event Correlation / SIEM<br/>(Splunk, Elastic, etc)"]
%% External node: Auth & Authorization
M["Auth & Authorization Server<br/>(IBM API Connect,<br/>AWS Cognito, etc.)"]
B -- "Obtains tokens" --> M
C -- "Verifies tokens" --> M
🛠️ System Components
AnkaSecure's architecture consists of several key components, each playing a crucial role in security, access control, and cryptographic operations.
1️⃣ Customer Applications & Interfaces
🔹 Customer Applications interact with AnkaSecure via REST API calls.
🔹 AnkaSecure CLI provides a command-line interface for encryption, signing, and key management.
🔹 AnkaSecure SDK allows seamless API integration into customer applications.
2️⃣ AnkaSecure API
The core of the system, responsible for handling all cryptographic requests, including:
✔ Key Management (Generation, Rotation, Revocation).
✔ Encryption, Decryption, Signing, and Verification.
✔ Token-based authentication and RBAC (Role-Based Access Control) enforcement.
💡 All operations pass through the AnkaSecure API before being processed.
🔒 Security & Authentication
3️⃣ Authentication & Authorization Server
AnkaSecure integrates with external Identity and Access Management (IAM) providers, such as:
- IBM API Connect
- AWS Cognito
- Other OAuth2 / OpenID Connect Providers
✅ Handles authentication & token issuance
✅ Verifies tokens for secure API access
✅ Implements fine-grained Role-Based Access Control (RBAC)
🔹 Flow:
1. Customer Applications & CLI obtain tokens from the Auth Server.
2. AnkaSecure API validates tokens before processing requests.
🔑 Key Management & Cryptographic Operations
4️⃣ Key Store & HSM Integration
🔹 Key Store securely manages cryptographic keys used for encryption, signing, and verification.
🔹 HSM / Secure Vault Integration supports external services such as AWS KMS, Azure Vault, and HashiCorp Vault, ensuring hardware-based protection.
✔ Keys are stored securely and never exposed.
✔ Supports post-quantum cryptography (PQC) and traditional algorithms.
📊 Logging, Monitoring & Compliance
5️⃣ Logging & Compliance
🔹 Audit Logs store all cryptographic events for traceability and compliance.
🔹 Event Correlation / SIEM Integration allows logs to be analyzed using:
- Splunk
- Elastic
- Other SIEM tools
✅ Ensures compliance with regulatory standards.
6️⃣ Monitoring & Observability
🔹 Tracks API usage, security events, and performance metrics.
🔹 Integrated with Dynatrace, Datadog, Grafana, and other observability platforms.
✔ Helps detect anomalies and potential security threats.
📂 Storage & Database
7️⃣ Database
✔ Stores authentication-related data, including:
- Roles & Permissions
- Access control policies
✔ May also store logs, depending on configuration.
✔ Does NOT store cryptographic key metadata.
🔹 Summary
✅ Secure API for cryptographic operations
✅ Strong authentication & RBAC using IAM providers
✅ Enterprise-grade key management with HSM integration
✅ Comprehensive logging, monitoring, and compliance support
For more details, visit:
- Authentication & Authorization
- Key Management