At the core of the CyberArk Privileged Access Manager Solution is the CyberArk Digital Vault, which contains a highly secure database that stores privileged-account credentials, access-control policies, credential management policies, and audit information. To protect both the Digital Vault database itself and the data stored within the database, CyberArk uses a multi-layered encryption hierarchy.
Each individual file and safe within the Digital Vault database are uniquely encrypted using a randomly generated encryption key. At the top of the key hierarchy, CyberArk utilizes a unique server key and a unique recovery key. The server key is required to start the Digital Vault, and in accordance with the CyberArk Digital Vault Security Standard, this encryption key is stored within a Utimaco hardware security module (HSM).