Vault archive key type

Use the Vault archive key type to create configurations that supply a vault archive key, which decrypts an IBM® App Connect Enterprise vault archive that stores credentials for connecting to secured resources.

Tip: The Vault archive key type works with the Vault archive type, so you need both of these configurations if your IBM App Connect Enterprise Toolkit integration is configured to connect to secured resources.
Note: If you want to deploy an integration that connects to secured resources by using encrypted credentials from an IBM App Connect Enterprise vault, only one of these configuration pairs is permissible:
  • Vault archive and Vault archive key: Use this combination for integration servers or integration runtimes at version 13.0.3.0-r1 or later.
  • Vault and Vault key: This combination is supported for integration servers or integration runtimes at version 13.0.2.2-r2 or earlier, and is deprecated in 13.0.3.0-r1 or later.

Summary of key details for the configuration type

  • File name or type: String value
  • Contains secrets: Yes
  • Path extracted/imported to: Not applicable (Passed to the integration server or integration runtime command line on startup)
  • Maximum allowed per integration server or integration runtime: 1

About the Vault archive key value

The Vault archive key type requires a string value that is used to decrypt a vault archive, which is stored in a configuration object of type Vault archive. This string value must match the archive key that you supplied in the command to export the credentials from an integration server vault or external directory vault to a .zip vault archive. An archive key symmetrically encrypts and decrypts the credentials in a vault archive. For information about exporting a vault, see mqsivault command and ibmint export credentials command in the IBM App Connect Enterprise documentation.

Only one vault archive key can be specified per integration server or integration runtime. When you export the credentials from an integration server vault or external directory vault in IBM App Connect Enterprise, the supplied archive key encrypts the .zip vault archive that is created. When you subsequently deploy an integration server or integration runtime that uses this vault archive, you need to supply the same archive key to decrypt the vault archive. This vault archive is then imported into a new vault that is created for use by the deployed integration.

Creating a configuration for the Vault archive key type by using the configuration panel

You can create a Vault archive key-type configuration while creating an integration server or integration runtime, or independently, as follows:

  1. Open the Configuration page by clicking the Configuration icon in the navigation pane, or go to the Configuration view of an integration server or integration runtime that you are creating. Then, click Create configuration. For more information, see Managing configuration objects from the Configuration page.
  2. From the Create configuration panel, select Vault archive key from the Type list.
  3. In the Name field, specify a name for this configuration.
  4. In the Description field, specify text that will help you identify the Vault archive configuration object that the vault archive key is associated with.
    [Figure: Create configuration panel]
  5. In the Vault archive key section, enter the string value of the vault archive key directly into the text editor.
    [Figure: Vault archive key text editor with pasted contents]
  6. Click Create. The configuration is added to the configurations table and can be selected for use with an integration server or integration runtime.

Updating or deleting a configuration

If you need to update the content or settings in a configuration, or delete a configuration that's no longer needed, see Managing configuration objects from the Configuration page.