A password vault is a secure, encrypted digital storage system, like a digital safe, that holds all your login credentials (usernames, passwords). You can configure your vault providers here. At the moment we support Azure and HashiCorp.
Adding new provider
Use the context menu to add a new provider. Here shown for Azure.
(1) Alias: The alias for your vault provider. You can use any name.
(2) Address: The endpoint of your vault provider (just an example here). You will get that from your Azure administrator.
(3) Display Name: Any name (just for display purposes here).
(4) Provider: Select value “Azure Key Vault”.
(5) Tenant ID: You will get the tenant ID from your Azure administrator.
(6) Client ID: You will get the client ID from your Azure administrator.
(7) Authentication Method: You can either use a client secret or a PEM certificate. You will get those from your Azure administrator.
Using vault passwords
You can use vault passwords at several places in the GUI:
Channels (FTP, HTTP, IoT, Mail, OFTP, SSH, X.400)
AMQP, MQTT and TCP connections
Database connections
Transport Manager connections
HTTP Input Agents
Press button “Vault” in any of those password dialogues.
The dialogue will offer you all possible passwords you have permission to access through the configured provider. We will show this again for Azure as an example.
Note: The password selection depends on the provider. Azure Key Vault offers a simple and direct access via an identifier key whereas HashiCorp offers a deeper path hierarchy. Unneeded values for a specific provider are filled automatically. You can only select values relevant for your provider. Please ask your administrator for details.
(1) Providers: Select your Azure provider.
(2) Mounts: Not needed for Azure (defaults to “key_value”).
(3) Names: Select the secret identifier key of the password.
(4) Key: Not needed for Azure (defaults to the value of field “Names”).
After you apply the password, it will look like this:
When you view the password, you won’t see the actual password but the vault password identification string:
The formal format of that string is: $VS$<provider_alias>$key_value$<name>$<name>$