Security Key Manager
The administrator-facing tool that registers, audits, and lifecycles AmbiSecure security keys across an enterprise rollout. Built around Set/Get Master Key, Generate Key Pair, Sign data and proprietary extensions for specific use cases.
Inventory, lifecycle, and audit for hardware-rooted keys.
Inventory
Register every AmbiSecure key issued, with its serial, AAGUID, attestation cert, and assigned user.
Set/Get Master Key
Operations include Set/Get Master Key, Generate Key Pair, Sign data — with proprietary extensions for specific use cases.
Lifecycle
Issue, suspend, rotate, revoke. Each transition is logged and signed.
Audit log
Per-key event history with timestamp, operator, and operation. Designed for SOC and compliance review.
Bulk issuance
Provision keys in bulk under issuer policy — AAGUID, attestation cert, applet selection.
API surface
Web UI for the operator; REST API for integration with the issuer KMS, HRIS, and SIEM.
What the manager handles.
| Authenticators | AmbiSecure OnePass Card, OnePass Bio Card, OnePass USB Key, BioKey, Tappable, Digital Signature Token, IoT Security Chipset |
|---|---|
| Operations | Set/Get Master Key, Key Pair Generation, Sign data, lifecycle transitions |
| Lifecycle states | Issued, suspended, rotated, revoked, decommissioned |
| Audit | Append-only log; SIEM-friendly export |
| Integration | REST API for issuer KMS, HRIS, and SIEM systems |
| Deployment | On-prem; cloud option on customer roadmap |
Rolling out hardware keys at scale?
We can stand up a Security Key Manager pre-integrated with your KMS, HRIS, and SIEM — and trained on your audit requirements.