Which component is responsible for changes in passwords and SSH key rotations?

The Central Password Manager (CPM) is specifically designed to manage the password lifecycle for accounts stored within the CyberArk Vault. It automates critical tasks such as changing passwords and performing SSH key rotations based on predefined policies. By doing so, it ensures that privileged credentials are regularly updated to mitigate the risk of unauthorized access. The CPM executes these changes at defined intervals or in response to certain events, ensuring compliance with security policies.

This focused responsibility of the CPM for managing and updating privileged passwords and SSH keys distinguishes it from other components in the CyberArk ecosystem. Password Managers typically handle credential storage but may not directly engage in the automated changing of passwords and key rotations. The Remote Control Agent is involved in session management and monitoring but doesn't handle password management directly. Similarly, a Vault Administrator's role is more about overseeing the Vault and its configurations rather than executing password changes or key rotations autonomously.