Introduction to Data at Rest Encryption with BeyondTrust Privileged Remote Access


BeyondTrust Privileged Remote Access's (PRA) data at rest encryption allows organizations to use their existing key management solution to encrypt their BeyondTrust configuration, text-based session audit history, and session recordings for on-premises or cloud-based BeyondTrust PRA deployments. With BeyondTrust PRA's data at rest encryption feature, organizations can comply with data encryption policies put forth by your organization's Information Security team.


  • BeyondTrust Appliance1BeyondTrust Appliance is used interchangeably to refer to both on-premises and cloud deployments. must be using BeyondTrust Base version 5.0 or above.
  • The key management solution must support Key Management Interoperability Protocol (KMIP) version 1.0 or above.
  • For cloud deployments, BeyondTrust PRA Cloud must be able to access the KMIP server over port 5696.
  • A root Certification Authority (CA) certificate must be provided by the KMIP server.
  • A client Transport Layer Security (TLS) certificate that defines the KMIP user account to be used for authentication, which must be provided by the KMIP server and uploaded to the BeyondTrust Appliance.