Public clouds can use security principals to allow you to access multiple services using secret-protected or temporary credentials. By creating a cloud identity, you can define your secret-protected or temporary credentials parameters in one place and reuse them later.
The secret or password parameter of a cloud identity can be:
- A secret identifier: a URL to a cloud identity secret vault's actual secret.
This allows for the external storage of a secret or password in a cloud secret vault.
- Empty: the authentication is based on the cloud identity on select bridges (such as Microsoft Azure Data Lake Storage or Microsoft Azure Blob Storage).
Cloud identities are available for Amazon Web Services, Google Cloud and Microsoft Azure.