Configure the Akeyless PAM Integration for Tenable Nessus
Required User Role: Standard, Scan Manager, or Administrator
The Tenable Akeyless PAM integration is configured using the Akeyless PAM credential type, available under SSH settings, Windows credentials, and Database credentials in Tenable Nessus scan policies.
Required Permissions
The Akeyless PAM authentication method used by the integration must have read access to the secrets referenced in the scan credential.
To configure the required permissions in Akeyless PAM:
-
Log into your Akeyless PAM console.
-
Navigate to Auth Methods and create or identify the authentication method for Tenable to use (Access Key, Universal Identity, or Certificate).
-
Navigate to Access Roles and create a role that grants read access to the secret path(s) used for scanning (for example, /scan/credentials/*).
-
Attach the Access Role to the authentication method.
Note: For privilege escalation scans (SSH only), ensure the authentication method also has read access to the escalation credential path.
What to do next: