Today, Axway MFT product experts are starting a new series focused on advanced security practices for SecureTransport deployments. Over the next several weeks, we will focus on various critical aspects of modern file transfer security. We will explore why certain practices matter today and in the near future, how these measures fit into modern enterprise security models, and how SecureTransport can help you achieve your security goals and peace of mind.
We kick off this series today with a focus on external storages for secure secret management. Over the next several weeks, we will cover topics like cipher management, certificate lifecycle and renewal, and authentication mechanisms.
Integration with external storages
Secrets are a crucial part of modern systems. You encounter these secrets in all aspects of digital life: passwords, API keys, credentials, encryption, certificates, and many more. Your file transfer systems rely on secrets, and your compliance rests on effective secrets management. Handling and managing your secret and sensitive information can make a difference between a secure file transfer and an open-door policy for malicious actors.
In the past, people used a pen and paper to store secrets, hoping a piece of paper with a secret would never get into the wrong hands. All of us have had at least one password in our lives stored in a simple Word document, or have even sent one over an unencrypted text message. But the risks and human errors created a demand for password managers that many use today to store sensitive information.
External storages play a similar role for file transfers today. In 2025 and 2026, they are password managers for machine identities, distributed systems, and Zero Trust architectures.
Let’s dive deeper.
Why do external storages matter?
Living up to its name, the Axway MFT product team always treats the protection of sensitive data as the highest priority. Data in Axway MFT, including Axway SecureTransport, is encrypted at rest, controlled through access policies, and isolated within secure components. But modern systems become more complex: security threats evolve, and security measures must be one step ahead.
Architectures also evolve. They become more distributed and require more flexibility and scalability. A rare architecture today resides solely on-premises — hybrid architectures have become a default option for many organizations. Systems and applications run on-premises, in public and private clouds. Security models assume identity-based access, not static credentials.
External storages are a response to this rising complexity rather than a replacement for your security systems. They implement more advanced security practices and secret management that go beyond traditional approaches and provide additional convenience and value. Many organizations already integrate SecureTransport with external storage products like HashiCorp and CyberArk.
External storage solutions help organizations build a strong foundation for additional benefits, including:
- Centralization of secrets in a single, authoritative source
- Scalability and handling growing data needs across hybrid environments
- Resilience, redundancy, and disaster recovery capabilities beyond local storage
- Compliance gains, helping align with legal frameworks like GDPR, ISO, and industry-specific regulations
External storages don’t replace your current security model or internal mechanisms. They extend your security measures to meet modern security standards and improve operational efficiency.
External storages in modern architectures
External storages are more than a “vault” for your secrets. They act as an additional layer that enables security practices that are difficult to enforce consistently at the application level.
Such practices include:
- Vendor-neutral flexibility: The same approach works regardless of the environment: AWS, Azure, Google Cloud, or on-premises.
- Zero Trust alignment: Secrets are never hardcoded in configuration files; instead, access is granted based on identity and policies, reducing the risk of attack.
- Credential rotation by default: Credentials and keys are rotated regularly, minimizing exposure.
- Automatic recovery: In case of a failure, external storage ensures continuity without emergency procedures and manual intervention.
- Advanced cryptographic algorithms: Secrets are protected with industry-leading encryption standards for both storage and transmission.
These practices help organizations shift from static configurations to continuous security control.
Security capabilities of external storages
Implementing external storages unlocks additional capabilities to keep your secrets safe if you treat external storages as a core component of your security framework. These capabilities rest on features that were previously complex or required manual effort, leaving room for human error and security breaches. External storages enable these capabilities to improve your security framework.
- Dynamic secret rotation: Credentials, API keys, and certificates are automatically rotated at defined intervals, reducing the risk of compromised lifelong secrets.
- Granular access control: External storages help integrate fine-grained permissions based on roles, environments, and workflows and enforce least-privilege access across distributed systems.
- Cryptographic policy enforcement: External storages have built-in validation capabilities that verify configurations are strong enough to resist attacks.
- Centralized policy management: Security policies like password complexity requirements, expiration rules, and encryption standards are enforced globally without manual configuration.
- Secure integration with CI/CD pipelines: Secrets are injected from secure storage during build and deployment without being exposed in code repositories, which allows dynamic retrieval and ephemeral credentials.
- Real-time security monitoring: Combined with SIEM tools, external storage logs detect anomalies and prevent unauthorized access and policy violations in real time.
When these features are approached holistically and with your existing security measures in mind, organizations get a dynamic, automated, and fully governed system that is required for complex architectures and Zero Trust strategies.
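An added example, not Axway, HashiCorp or CyberArk code: detection logic of the kind a SIEM rule could apply to secret-store access logs. The event fields (`identity`, `path`, `result`, `src`), the scope map and the thresholds are assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit events; field names are assumptions, not a vendor schema.
SAMPLE_LOG = """\
{"time":"2025-06-01T10:00:00Z","identity":"st-edge-01","path":"mft/sftp/partner-a","result":"ok","src":"10.0.1.5"}
{"time":"2025-06-01T10:01:00Z","identity":"ci-deploy","path":"mft/ci/deploy-key","result":"ok","src":"10.0.2.9"}
{"time":"2025-06-01T10:02:00Z","identity":"ci-deploy","path":"mft/sftp/partner-a","result":"denied","src":"10.0.2.9"}
{"time":"2025-06-01T10:02:30Z","identity":"ci-deploy","path":"mft/sftp/partner-b","result":"denied","src":"10.0.2.9"}
{"time":"2025-06-01T10:03:00Z","identity":"ci-deploy","path":"mft/admin/root-cert","result":"denied","src":"10.0.2.9"}
{"time":"2025-06-01T10:20:00Z","identity":"st-edge-01","path":"mft/sftp/partner-a","result":"ok","src":"203.0.113.7"}
"""
# Assumed least-privilege scope: identity -> secret path prefix it may request.
ALLOWED_PREFIX = {"st-edge-01": "mft/sftp/", "ci-deploy": "mft/ci/"}
DENY_THRESHOLD, WINDOW = 3, timedelta(minutes=5)

def detect(log_text):
    """Return (rule, identity, detail) alerts for one stream of audit lines."""
    alerts, denied, sources = [], defaultdict(deque), defaultdict(set)
    for line in filter(str.strip, log_text.splitlines()):
        ev = json.loads(line)
        who = ev["identity"]
        ts = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
        # Rule 1: request outside the identity's scope (unknown identities too).
        scope = ALLOWED_PREFIX.get(who)
        if scope is None or not ev["path"].startswith(scope):
            alerts.append(("out_of_scope", who, ev["path"]))
        if ev["result"] == "denied":
            # Rule 2: burst of denials inside the sliding window.
            q = denied[who]
            q.append(ts)
            while ts - q[0] > WINDOW:
                q.popleft()
            if len(q) == DENY_THRESHOLD:
                alerts.append(("denied_burst", who, ev["path"]))
        else:
            # Rule 3: successful read from an address not seen before.
            if sources[who] and ev["src"] not in sources[who]:
                alerts.append(("new_source", who, ev["src"]))
            sources[who].add(ev["src"])
    return alerts
```
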
Challenges of integrating external storages
Introducing a new security layer on top of existing infrastructure is not an entirely frictionless process. External storages add layers of complexity that organizations should know and resolve during the implementation, so that external storage doesn’t become an open door for attackers.
Common challenges of implementing external storages are:
- Multiple secret locations: SecureTransport has several components that require secure storage, and integrating external systems requires careful planning.
- Encryption standards and guarantees: External providers must meet or exceed internal cryptography standards, like encrypting data at rest and in transit.
- Identity and access management: Control over who can access what and when becomes more complex when integrating external storages, which makes strong authentication and role-based access essential.
- Audit and traceability: Detailed logs must be complete, retained, and consumable by security tooling.
- Secret lifecycle management: Advanced practices like automated secret rotation and policy enforcement require proper orchestration and high-volume environments.
- Performance considerations: Balancing security with latency and throughput is critical for system efficiency.
These are challenges, not complete blockers. While implementing external storages can be a tricky task to guarantee security and compliance, it is a prime opportunity to adapt your critical systems to evolving threats and requirements.
Best practices for external storages implementation
The Axway MFT team is in constant communication with our customers. We closely follow the evolution of architectures and security requirements, and, from the product perspective, successful implementations consistently follow several core principles:
- Secrets consolidation: Don’t spread your secrets across different locations — centralize secrets in external storages only and avoid local-only storage whenever possible. This step helps reduce fragmentation and simplifies governance.
- Smart secrets storage: Avoid hardcoding secrets in code, scripts, and pipelines to reduce exposure.
- Strong authentication: Advance beyond basic credentials — use OAuth 2.0, mutual TLS certificates, key-based authentication, and role-based access control for granular permissions.
- Encrypt everything: Use industry-leading algorithms like AES-256 for storage and TLS 1.3 for transport to encrypt data both at rest and in transit, and make sure your external storages provider meets compliance standards for cryptography.
- Regular rotation of secrets: Automated rotation policies minimize exposure from compromised credentials and enforce best practices without manual intervention.
- Secrets management automation: Using automation, orchestration tools, and APIs reduces human error, ensures consistency across environments, and accelerates deployment cycles.
- Scalability and resilience: Integrations should be able to handle high-volume workloads without latency spikes; use caching strategies for non-sensitive metadata while keeping secrets retrieval secure.
These key practices will help you strengthen your security and reduce operational risks. But implementing external storages goes beyond a set of practices to connect systems. External storages are a core component of a security framework, and just like anything in security and compliance, creating an additional security layer requires a holistic strategy that should be outlined as the first step.
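An added example, not SecureTransport or vendor code, of the "no hardcoded secrets" practice: a configuration loader that fails closed on literal secrets and resolves references from the external store at each use, so a rotated value is picked up on the next call. The `secretref:` syntax, the key names, `InMemoryStore` and the sample configuration are all hypothetical.

```python
SECRET_KEYS = {"password", "private_key", "api_key"}  # fields that must hold references
REF_PREFIX = "secretref:"                             # hypothetical reference syntax

class InMemoryStore:
    """Stand-in for an external secret store client (assumption)."""
    def __init__(self, data):
        self.data = dict(data)
    def read(self, path):
        return self.data[path]  # KeyError on an unknown path: fail closed

def transform(node, path, on_secret):
    """Copy a nested config, passing every secret-bearing field to on_secret."""
    if isinstance(node, dict):
        return {k: on_secret(f"{path}.{k}".lstrip("."), v) if k in SECRET_KEYS
                else transform(v, f"{path}.{k}".lstrip("."), on_secret)
                for k, v in node.items()}
    if isinstance(node, list):
        return [transform(v, f"{path}[{i}]", on_secret) for i, v in enumerate(node)]
    return node

def find_literals(config):
    """Return the paths of secret fields that hold a literal, not a reference."""
    found = []
    def check(path, value):
        if not (isinstance(value, str) and value.startswith(REF_PREFIX)):
            found.append(path)
        return value
    transform(config, "", check)
    return found

def resolve(config, store):
    """Refuse configs with hardcoded secrets, then fetch each referenced secret."""
    bad = find_literals(config)
    if bad:
        raise ValueError("hardcoded secret at: " + ", ".join(bad))
    return transform(config, "", lambda p, v: store.read(v[len(REF_PREFIX):]))

# Constructed sample: the second site carries a hardcoded password.
CONFIG = {"name": "partner-transfers", "sites": [
    {"host": "sftp.partner-a.example", "user": "mft",
     "password": "secretref:mft/sftp/partner-a/password"},
    {"host": "sftp.partner-b.example", "user": "mft", "password": "Summer2025!"},
]}
```

Running `find_literals` over configuration files in a pre-commit or pipeline check catches the literal before it reaches a repository.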
Axway SecureTransport supports external storages
We at Axway consider that organizations already have a significant layer of internal security that SecureTransport provides to customers. Building on this strong foundation of SecureTransport, Axway enables customers to integrate external storage to deliver maximum security, scalability, and flexibility.
SecureTransport already includes robust internal mechanisms for the management of secrets and sensitive information. Various capabilities of SecureTransport help securely store sensitive configuration data, protect credentials and certificates for file transfers, and encrypt repositories and internal keys.
For external storages, SecureTransport supports integration with leading third-party specialized solutions like HashiCorp Vault and CyberArk. These applications help customers centralize and manage their secrets while maintaining the strong security provided by SecureTransport.
Next steps
One of Axway’s goals for SecureTransport is to adapt secret management to ever-evolving security requirements, staying ahead of potential threats. Axway is basing its strategy for SecureTransport on principles like Zero Trust, compliance frameworks, and industry standards and best practices. Ensuring that every secret — credentials, encryption keys, certificates — can be managed externally is a part of this vision.
Our goals are to help customers simplify audits, reduce exposure risks, and improve authentication and governance. Our near-term plans focus on expanding the integration coverage, dynamic injection during runtime, and continued integration with enterprise identity providers. The long-term vision includes steps to guarantee support of external storage integration across all relevant SecureTransport components, advanced security features like dynamic secret rotation, automated compliance checks, and deeper integration with identity providers.
Axway supports continuous innovation. In the future, we expect to add monitoring dashboards, proactive security alerts, and orchestration capabilities for effortless and scalable secret management.
Malicious attacks evolve, and so do security measures. We invite deep dialogue and sharing real-world experiences. If your organization needs to level up your security and data protection, join us at the upcoming Axway Summits in North America and Europe.
We also conduct regular user group sessions, where customers share their real-world perspective, learn more about new security initiatives, and discuss modern practices like external storages.