Vault is a repository that keeps confidential information secured in the Database. Vault provides a robust security level, by adding more security while saving and accessing the classified data. Instead of storing information as a plain text, Vault is used to securely save and fetch data in an encrypted form. The following services that use Vault :includes Database Info
...
, Custom Plugin
...
, Web
...
Service REST Consumer
...
, and Put-Context-Var Action
...
.
Expand |
---|
title | Create Vault and Keys |
---|
|
To create a Vault and define its custom keys to store and fetch passwordsthe confidential information: - Go to Develop > Services > Security > Vault.
- Click Create New.
Type the name and description of the new Vault.
You can change Vault Alias before you hit Save. Once saved, you cannot modify the field.
Info |
---|
| The Vault Alias is a unique field. It holds the parameters which in turn are used to save the confidential information. |
Type in a key and its value. Click Add to add a new Parameter.
- Click to view the hidden values. Click to mask the password. To delete a parameter, click in front of it.
- Expand Advanced Properties to change the project and owner of this vault. Also provide/update permission of Read, Write, and or Execute to Owner, Group, and Others. Click here for more information on how permissions work.
- Click Save.
|
...
Expand |
---|
|
The URL we use in any application contains some confidential information like password which is passed as a plain text. To enhance the security, use vault to encrypt the password instead of providing the password as a plain text. Before using it in the URL, click here to create a new Vault. After you have created a vault, write the following syntax in the URL of the JDBC drivers (given in the table below) replacing the confidential informationreplace the confidential information while using a service, with the text in the following syntax:
{Vault.aliasName.key}
where,Following an opening curly parentheses, ' ' to be used every time - (V in 'Vault' is UPPERCASE), preceded by opening curly parentheses.
- aliasName is the Vault Alias, where the parameter
, which stores the confidential data, - is defined.
- key is the parameter which stores the confidential
data- information.
- Finally closed by a closing curly parentheses.
- A period is used as a separator between Vault and aliasName; and aliasName and key.
Now if a REST Consumer Web Service is using vault for storing and fetching a password, we define the URL in the form: http://server:host?username=<username>&password={Vault.aliasName.key} For example- http://192.168.1.195:8080?username=admin&password={Vault.safe.client_key} Image RemovedYou can use Vault to mask the confidential information instead of providing it as a plain text, in the following services: |
Expand |
---|
|
- Click the Vault Name or, Click next to the Vault you wish to edit, and select Edit.
You can edit the information in the window that appears. Note that you cannot CANNOT rename Alias once it is created. Other details that cannot CANNOT be modified are 'Creation Date', 'Modified Date' and, 'Last Modified by'.
- Click Save.
|
...