Vault is a repository that keeps confidential information secured in the Database. Vault provides a robust security level, by adding more security while saving and accessing the classified data. Instead of storing information as a plain text, Vault is used to securely save and fetch data in an encrypted form. The following services use Vault:
- Custom Plugin
- Web Service REST Consumer
- Put-Context-Var Action
Expand |
---|
title | Create Vault and Keys |
---|
|
To create a Vault and define its custom keys to store and fetch passwords: - Go to Develop > Services > Security > Vault.
- Click Create New.
Type the name and description of the new Vault.
You can change Vault Alias before you hit Save. Once saved, you cannot modify the field.
Info |
---|
| The Vault Alias is a unique field. |
Type in a key and its value. Click Add to add a new Parameter.
- Click to view the hidden values. Click to mask the password. To delete a parameter, click in front of it.
- Expand Advanced Properties to change the project and owner of this vault. Also provide permission of Read, Write, and Execute to Owner, Group, and Others. Click here for more information on how permissions work.
- Click Save.
|
Expand |
---|
|
The URL we use in any application contains some confidential information like password which is passed as a plain text. To enhance the security, use vault to encrypt the password instead of providing the password as a plain text. Before using it in the URL, click here to create a new Vault.
After you have created a vault, write the following syntax in the URL of the JDBC drivers (given in the table below) replacing the confidential information:
{Vault.aliasName.key}
where, Following an opening curly parentheses, 'Vault' is a keyword to be used every time (V in 'Vault' is UPPERCASE). aliasName is the Vault Alias, where the parameter, which stores the confidential data, is defined. key is the parameter which stores the confidential data. Finally closed by a closing curly parentheses. A period is used as a separator between Vault and aliasName; and aliasName and key.
Now if a REST Consumer Web Service is using vault for storing and fetching a password, we define the URL in the form: http://server:host?username=<username>&password={Vault.aliasName.key}
For example- http://192.168.1.195:8080?username=admin&password={Vault.safe.client_key}
|
Expand |
---|
|
- Click the Vault Name or, Click next to the Vault you wish to edit, and select Edit.
- You can edit the information in the window that appears. Note that you cannot rename Alias once it is created. Other details that cannot be modified are 'Creation Date', 'Modified Date' and, 'Last Modified by'.
- Click Save.
|
Expand |
---|
|
- Click next to the Vault you wish to view.
Click 'View'. A new window will open up with information about the vault.
|