Introduction


The Administration area of Workload Protection is accessed from the left-hand menu (under Configuration). It comprises the pages listed below.


Integrations


The Integrations section of the Aqua UI allows you to configure integrations with several third-party systems.

For information on configuring image registries, see Image Registries and Repositories.

For all other kinds of integrations, start with Integrations Overview, and read the appropriate topic.


Scanners


The Scanners page allows you to add, view, and manage Scanners that are connected to Aqua. See Scanners for more information.


Application Scopes


Application scopes are one of the fundamental building blocks of Role-Based Access Control (RBAC), which is designed to support enterprises consisting of multiple teams working on different projects, with different sets of system resources. RBAC allows system administrators to precisely control, for all users, which system resources the user can edit (create, modify, and delete); view; or not access at all.


Refer to RBAC Overview and Application Scopes for more information.


Enforcers


The Enforcers screen lists all Enforcer groups of all types. 


See Enforcers Screen (UI) for more information about the use of this screen.


For comprehensive information on Enforcers, see Enforcers Overview.


Services


An Aqua service is a group of workloads of exactly one of these types (a single service cannot mix the two):

  • Containers
  • Hosts (VMs)


The workloads that comprise a service at any given time are defined by the scope of the service. Therefore, the workloads (members) of a service can vary over time as workloads are created and terminated.


The main purpose of a service is to apply one or more Firewall Policies to its workloads. These policies contain rules, which either allow or deny (block) outbound or inbound network traffic. The Firewall Policies associated with a service can include predefined (default) policies or custom policies that you have defined.


See Aqua Services Overview.


Secrets


In many environments there is a need to pass sensitive information like passwords, connection strings, or tokens into a container. A sensitive piece of information is called a secret. Aqua provides central management and secure distribution of secrets into running containers.


After you integrate Aqua with a secret key store, you can define a secret for that key store in the Aqua Server, and assign access control policies that authorize users or groups to run containers that make use of the secret.


When a secret is used, its value will be automatically injected into the container, either as an environment variable or as a file. The value of the secret is encrypted in transit, and will not be visible outside the container.


For more information, see Manage Secrets.


Aqua Labels


You can define one or more Aqua labels to tag images and secrets. See Aqua Labels for more information.