Which component is responsible for performing password changes and SSH key rotations?

The Central Policy Manager (CPM) is responsible for performing password changes and SSH key rotations in the CyberArk environment. The CPM acts as the policy enforcement point that manages and automates credentials, ensuring compliance with security policies. When passwords or SSH keys need to be rotated, the CPM executes the necessary commands to update these sensitive credentials according to the policies defined by the organization.

This component not only handles the routine changes of passwords but also manages various aspects of credential security, like executing changes on target systems and updating the Digital Vault with the new values. The processes managed by the CPM reduce the risk of unauthorized access due to stale or hard-coded passwords, making it a critical component in ensuring the overall security framework.

The Digital Vault, while it stores the sensitive credentials, does not perform any changes. Password Vault Web Access (PVWA) provides a user interface for accessing and managing these credentials but relies on the CPM for the actual rotation process. Privileged Session Management (PSM) is designed to secure and monitor privileged sessions but does not handle password changes or key rotations directly. Thus, the Central Policy Manager is the key player in credential management workflows within CyberArk.