The Administration area of Workload Protection comprises these screens:

  • Integrations
  • Scanners
  • Enforcers
  • Services
  • Secrets
  • Aqua Labels


The Integrations section of the Aqua UI allows you to configure integrations with several third-party systems.


The Scanners page allows you to add, view, and manage Scanners that are connected to Aqua. See Aqua Scanner Overview for more information.


The Enforcers screen lists all Enforcer groups of all types. 

See Enforcers Screen (UI) for more information about the use of this screen.

For comprehensive information on Enforcers, see Enforcers Overview.


An Aqua service is a group of workloads, which can be either (but not both) of these types:

  • Containers
  • Hosts (VMs)

The workloads that comprise a service at any given time are defined by the scope of the service. Therefore, the workloads (members) of a service can vary over time as workloads are created and terminated.

The main purpose of a service is to apply one or more Firewall Policies to its workloads. These policies contain rules, which either allow or deny (block) outbound or inbound network traffic. The Firewall Policies associated with a service can include predefined (default) policies or custom policies that you have defined.

For more information, see Aqua Services Overview.


In many environments there is a need to pass sensitive information like passwords, connection strings, or tokens into a container. A sensitive piece of information is called a secret. Aqua provides central management and secure distribution of secrets into running containers.

After you integrate Aqua with a secret key store, you can define a secret for that key store in the Aqua Server, and assign access control policies that authorize users or groups to run containers that make use of the secret.

When a secret is used, its value will be automatically injected into the container, either as an environment variable or as a file. The value of the secret is encrypted in transit, and will not be visible outside the container.

For more information, see Manage Secrets.

Aqua Labels

You can define one or more Aqua labels to tag images and secrets. See Aqua Labels for more information.