Skip to main content Skip to complementary content

Cloud vault authentication

Secrets Vaults are environments provided by various third-party vendors which are central repositories for basic usernames and Secret / Passwords, as well as tokens, SSH keys, and certificates to name a few. These are referred to as secrets.

This product supports the following for providing authentication information for various bridge:

  • Microsoft Azure
  • Amazon Web Services
  • Google Cloud

First you must define the credentials for connecting to the particular vault(s) you use and then you may refer to any secrets (e.g., Secret / Password, certification, etc.) required for importing from a particular source when defining the parameters for an imported model.

You can ask a cloud bridge to get the value of its cloud secret parameter from a cloud vault by specifying the vault’s URL of the secret in the parameter.

Public clouds support key vaults that help you to safeguard secrets. Each secret has a unique URL. You can save a secret in a cloud vault and permit access to the secret to the security principal registered with this product. When this product has multiple security principals registered for the cloud of the vault, it will use the first one.

This authentication method works in conjunction with the secret credential method and is appropriate when you would like to

  • Use rotatable secrets like a cloud database Secret / Password
  • Avoid storing secrets in this repository

Steps

  1. If not already done, configure a cloud identity .
  2. Go to MANAGE > Configuration and create a new model or setup an existing one which will use a secret from the vault associated with the cloud identity.
  3. Specify Cloud Identity the appropriate URL/Code in the Import Setup tab for the model and import .
Information note

Each secret has a unique secret identifier which is a URL to a cloud identity secret vault secret (allowing for external storage of such Secret / Password in a cloud secret vault).

Example

Sign in as Administrator and go to MANAGE > Cloud Identities in the banner.

Click + Add. Enter “Sales Azure East US” in the NAME field.

Enter the proper credentials:

  • DIRECTORY (TENANT) ID from Azure
  • APPLICATION (CLIENT) ID from Azure
  • APPLICATION (CLIENT) SECRET from Azure

Click TEST .

Click CREATE.

Information note

Be sure to work with your experts in the specified secrets vault to obtain both the connection credentials required on this page and the actual URL or ID of the secret you will use for import.

Now, go to MANAGE > Configuration and the Import Setup tab .

Pick Sales Azure East US as the CLOUD IDENTITY .

Specify the appropriate Secret Identifier URL in the Secret / Password field and continue with the import.

For example:

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!