Configuring an external directory vault

You can create an external directory vault to store credentials that can be shared by any number of configured integration servers or integration nodes.

Before you begin

You must install IBM® App Connect Enterprise 12.0.9.0 or later to use this feature.

Read Configuring an IBM App Connect Enterprise vault.

About this task

An external directory vault is an App Connect Enterprise vault that can be shared by any number of integration servers. The external directory vault is created in a directory that is external to the integration server, rather than in the integration server's work directory. You choose the location in the file system in which to create the vault, and then configure each integration server to use it by specifying its unique location.

An external directory vault can also be used by any number of integration nodes and the components that are managed by each integration node, including the managed integration servers and the integration node-wide HTTP listener.

Procedure

You can configure an external directory vault by using one of the following methods:

  • Using the Connector Discovery wizard
    When you configure a discovery connector request node or input node by using the Connector Discovery wizard, you specify the vault that will be used to store the credentials for connecting to the endpoint application (such as Salesforce or Trello). You can specify the location of the external directory vault by using one of the following methods:
    • In the External directory vault location field, either accept the default value (TEST_EXT_DIR_VAULT) or edit the value to a name of your choice, then click Launch Discovery.
    • Click Select to open the vault location wizard.
      • Select the location of the external directory vault by choosing one of the following options:
        • Select Use a workspace project and either accept the default value or edit the value to a name of your choice, then click OK.
        • Select Use a file system directory, click Browse to select the folder that you want to use as the vault, and then click OK.
      • Click Launch Discovery.

    For more information about configuring connector request or input nodes by using connector discovery, see Discovery connector nodes.

  • Using the mqsivault command

    You can use the mqsivault command to create or destroy a vault, to change or verify a vault key, or to retrieve credentials from the vault. The vault stores the records in encrypted form. Credentials that are stored in an external directory vault can be accessed concurrently by any number of integration servers that have been configured to use it.

    You can copy the contents of a vault into another vault by using the import and export options of the mqsivault command. Use the --export parameter to copy the contents of a vault into a temporary archive (.zip file), and then use the --import parameter to import the contents of the archive file into the target vault. The vault entries in the archive are symmetrically encrypted with an archive key, and the same key is used to decrypt them.

    For more information about using the mqsivault command to configure a vault, see mqsivault command and Configuring encrypted security credentials.

    For information about creating, updating, retrieving, or deleting the security credentials, see mqsicredentials command.

  • Modifying the server.conf.yaml file

    You can use a parameter in the server.conf.yaml file to specify the path to the external directory vault.

    Uncomment the directory parameter of the ExternalDirectoryVault option for the Credentials stanza in the server.conf.yaml file. Add the file path to your external directory vault, inside the single quotation marks ''. For example, the stanza before the change:
    Credentials:
      ExternalDirectoryVault:
        #directory: ''   # Optional path to an external directory vault that is shared by this and other integration nodes and integration servers. Default ''.
    The stanza after the example path is added (use your own path here):
    Credentials:
      ExternalDirectoryVault:
        directory: '/my/directory/path-dir'   # Optional path to an external directory vault that is shared by this and other integration nodes and integration servers. Default ''.
    Save the server.conf.yaml file.
    Restart the integration server.
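
A check that can be run before the restart, as an added example (not IBM code): it reads the directory value from the Credentials stanza shown above and reports whether the shared vault directory exists and whether users outside its owner and group can reach it. The function names and the permission policy are assumptions made for this example, not product requirements; group access is left unflagged because several servers may share the vault.

```python
import os
import re
import stat
import tempfile

# Constructed sample mirroring the stanza on this page (the path is the page's placeholder).
SAMPLE_CONF = """\
Credentials:
  ExternalDirectoryVault:
    directory: '/my/directory/path-dir'   # Optional path to an external directory vault
"""

def vault_dir_from_conf(text):
    """Return Credentials.ExternalDirectoryVault.directory, or None if unset or commented out."""
    path = []  # stack of (indent, key) for the enclosing YAML mappings
    for line in text.splitlines():
        m = re.match(r"^(\s*)([A-Za-z_]\w*):\s*(.*)$", line)
        if not m:
            continue  # skips blank lines and commented-out keys such as "#directory: ''"
        indent, key, rest = len(m.group(1)), m.group(2), m.group(3)
        while path and path[-1][0] >= indent:
            path.pop()
        path.append((indent, key))
        if [k for _, k in path] == ["Credentials", "ExternalDirectoryVault", "directory"]:
            v = re.match(r"'([^']*)'|\"([^\"]*)\"|([^#\s]+)", rest)
            value = next((g for g in v.groups() if g), "") if v else ""
            return value or None  # '' is the documented default, meaning "not configured"
    return None

def audit_vault_dir(path):
    """Return findings for the vault directory; an empty list means nothing was flagged."""
    if not os.path.isdir(path):
        return ["directory does not exist"]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("directory is world-writable (mode %o)" % mode)
    if mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append("directory is accessible to other users (mode %o)" % mode)
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:  # stands in for a real vault directory
        os.chmod(demo, 0o777)
        print(vault_dir_from_conf(SAMPLE_CONF))
        print(audit_vault_dir(demo))
```

To check a real server, pass the contents of its server.conf.yaml to vault_dir_from_conf and the returned path to audit_vault_dir.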