Vault archive type
Use the Vault archive type to create
configurations that supply a prepopulated vault archive, which contains encrypted credentials that
were exported from an integration server vault or an external directory vault in IBM® App Connect Enterprise. The encrypted credentials can be used to access secured
resources that are referenced in the message flows in an IBM App Connect Enterprise
Toolkit
integration.
Vault archive type works
with the Vault archive key type, so you need both of these configurations if your
IBM App Connect Enterprise
Toolkit integration is configured to connect to secured
resources.Vault archiveandVault archive key: Use this combination for integration servers or integration runtimes at version 13.0.3.0-r1 or later.VaultandVault key: This combination is supported for integration servers or integration runtimes at version 13.0.2.2-r2 or earlier, and is deprecated in 13.0.3.0-r1 or later.
Summary of key details for the configuration type
| File name or type | Contains secrets | Path extracted/imported to | Maximum allowed per integration server or integration runtime |
|---|---|---|---|
| .zip | Yes | Imported into an internal vault that is created in /home/aceuser/ace-server/config/vault | 1 |
Creating the .zip vault archive file for a configuration object of type
Vault archive
The Vault archive type requires a vault archive file in
.zip format, which contains encrypted credentials that the integration server or integration runtime can use to connect to a secured resource such as
a remote server or service.
Only one .zip vault archive can be specified per integration server or integration runtime. The contents of the .zip file are imported into an internal vault that is created in the container file system.
To obtain a .zip vault archive from IBM App Connect Enterprise, use the following information as a guide:
- From your IBM App Connect Enterprise system, configure a vault that stores
credentials that one or more integration servers can use to access secured resources.
- Use the Toolkit, the Connector Discovery wizard, or the ibmint or
mqsivault commands to configure the relevant vault type.
- Configure an integration server vault with the requisite vault key that an independent integration server can use to access secured resources. An integration server vault is created in the integration server's work directory, and any credentials that are stored in the vault can be accessed only by that integration server. For more information, see Configuring an integration server vault in the IBM App Connect Enterprise documentation.
- Configure an external directory vault with the requisite external directory vault key that one or more integration servers can use to access secured resources. You can create an external directory vault in your Toolkit workspace project or in a file system directory, and then configure any number of integration servers to use the vault by specifying its unique location. For more information, see Configuring an external directory vault in the IBM App Connect Enterprise documentation.
- Store encrypted credentials in the integration server vault or external directory vault. You can configure security credentials by using commands, the Toolkit, or the administration REST API. For more information, see Configuring encrypted security credentials and Managing credentials in an external directory vault by using the IBM App Connect Enterprise Toolkit in the IBM App Connect Enterprise documentation.
- Use the Toolkit, the Connector Discovery wizard, or the ibmint or
mqsivault commands to configure the relevant vault type.
- Export the credentials from the integration server vault or external directory vault to a vault
archive in .zip format by using either of these commands. Supply an archive key
that is needed to symmetrically encrypt and decrypt the credentials in the .zip
vault
archive.
- Use the mqsivault command with the --export parameter to
copy the contents of the integration server vault or external directory vault into a
.zip vault archive that is saved to a specified archive location.
The following example exports credentials from an external directory vault into a .zip vault archive, which is secured with a specified archive key and saved to a specified location.
mqsivault --ext-vault-dir C:\Users\myUser\IBM\ACET13\workspace_Test\TEST_EXT_DIR_VAULT --ext-vault-key password --export --archive-location C:\temp\myvaultarchive.zip --archive-key archivepasswordThe following example exports credentials from an integration server vault into a .zip vault archive, which is secured with a specified archive key and saved to a specified location.
mqsivault --work-dir C:\Users\myUser\IBM\ACET13\workspace_intserv\TEST_SERVER --vault-key passw0rd --export --archive-location C:\temp\myisvaultarchive.zip --archive-key isarchivepasswordFor more information, see mqsivault command in the IBM App Connect Enterprise documentation.
- Use the ibmint export credentials command to export credentials from the
integration server vault or external directory vault into a .zip vault archive
that is saved to a specified archive location.
The following example exports credentials from an external directory vault into a .zip vault archive, which is secured with a specified archive key and saved to a specified location.
ibmint export credentials --external-directory-vault C:\Users\myUser\IBM\ACET13\workspace_extdir\TEST_EXT_DIR_VAULT --external-directory-vault-key myextdirvaultkey --archive-location C:\temp\extdir_archive.zip --archive-key myextdirarchivekeyThe following example exports credentials from an integration server vault into a .zip vault archive, which is secured with a specified archive key and saved to a specified location.
ibmint export credentials --work-directory C:\Users\myUser\IBM\ACET13\workspace_4409\TEST_SERVER --vault-key myisvaultkey --archive-location C:\temp\is_archive.zip --archive-key myisarchivekeyFor more information, see ibmint export credentials command in the IBM App Connect Enterprise documentation.
- Use the mqsivault command with the --export parameter to
copy the contents of the integration server vault or external directory vault into a
.zip vault archive that is saved to a specified archive location.
After you create the file, you can use it to create a configuration object as described in Configuration reference: Creating an instance from the Red Hat OpenShift web console and Creating an instance from the Red Hat OpenShift or Kubernetes CLI.