Inventory
Inventory
Section titled “Inventory”The Inventory page is the central view of all discovered cryptographic assets. Every certificate, key, algorithm, and protocol found by sensors appears here with full metadata.
Asset Table
Section titled “Asset Table”The main table displays all assets from the crypto_assets MongoDB collection. Each row shows:
| Column | Description |
|---|---|
| Name | Human-readable identifier (e.g., “api.example.com TLS cert”) |
| Type | Asset type: certificate, private-key, public-key, symmetric-key, algorithm, protocol, signature |
| Algorithm | Cryptographic algorithm (RSA-2048, ECDSA P-256, AES-256-GCM, etc.) |
| Key Size | Bit length (2048, 256, 384) |
| Risk Level | Quantum risk classification (CRITICAL/HIGH/MEDIUM/LOW/NONE) |
| Lifecycle | Current state (active, suspended, compromised, etc.) |
| First Seen | When the asset was first discovered |
| Last Seen | Most recent scan that found this asset |
Filtering
Section titled “Filtering”Filter the inventory by:
- Asset type — Certificate, private-key, public-key, symmetric-key, algorithm, protocol, signature
- Quantum risk level — CRITICAL, HIGH, MEDIUM, LOW, NONE
- Algorithm — RSA, ECDSA, AES-256, SHA-256, etc.
- Lifecycle state — Active, suspended, deactivated, compromised, destroyed, revoked, pre-activation
- Scanner source — Which sensor/scanner discovered the asset
- Text search — Search by name, subject, issuer, or fingerprint
Asset Detail
Section titled “Asset Detail”Click any row to view full asset details:
Certificate Details
Section titled “Certificate Details”- Subject and Issuer DN
- Serial number
- Validity period (notValidBefore / notValidAfter)
- Signature algorithm
- Key usage and extended key usage
- Subject Alternative Names (SANs)
- Thumbprint / fingerprint
- Certificate chain position
Key Details
Section titled “Key Details”- Algorithm and key size
- Curve (for EC keys)
- Key format (PEM, DER, JKS entry)
- Associated certificate (if linked)
Common Fields
Section titled “Common Fields”- All discovery locations (where the asset was found)
- Related assets (parent keystore, associated keys/certs)
- Scan run history
- Lifecycle state and reason
Deduplication
Section titled “Deduplication”Assets are deduplicated by SHA-256 fingerprint. If the same certificate appears in multiple locations (e.g., deployed to 5 servers), it shows as one asset with multiple locations listed.
This prevents inventory bloat while maintaining full visibility into where each asset is deployed.
Lifecycle State Management
Section titled “Lifecycle State Management”Change an asset’s lifecycle state directly from the inventory:
| State | Meaning (NIST SP 800-57) |
|---|---|
| pre-activation | Generated but not yet in use |
| active | Currently in operational use |
| suspended | Temporarily disabled |
| deactivated | Permanently removed from use |
| compromised | Key material may be exposed |
| destroyed | Cryptographically erased |
| revoked | Certificate revoked by CA |
Saved Searches
Section titled “Saved Searches”Save frequently used filter combinations for quick access. Saved searches are available to all users.
Related
Section titled “Related”- Dashboard — Summary view of inventory
- Relationships — Visualize connections between assets
- Import/Export — Export inventory as CycloneDX CBOM
- Lifecycle Management — State transitions in detail