You can configure an integration server vault to store credentials, which can then be
used by the integration server to access secured resources.
About this task
An integration server vault is an App Connect Enterprise vault that can be used by
a specific integration server. The vault is created in the integration server's work directory and
can be accessed only by that integration server.
Procedure
You can configure an integration server vault by using one of the following
methods:
- Using the Connector Discovery wizard
When you configure a discovery connector request node or input node by using the Connector
Discovery wizard, you specify the vault that will be used to store the credentials for connecting to
the endpoint application (such as Salesforce or Trello). By default, these credentials are stored in an
external directory vault, which is an IBM App Connect Enterprise vault that can
be used by any integration server. Alternatively, you can choose to store the credentials in an
integration server vault, which is created in the integration server's work directory and can be
used only by that integration server.
Complete the following steps to configure an integration server vault during connector discovery:
- Ensure that the integration server is not running. If you attempt to run connector discovery
when the integration server is running, you will need to stop it before launching the Connector
Discovery wizard again (in step 3).
- By default, credentials are stored in an external directory vault, rather than an integration
server vault. If you want to specify an integration server vault during connector discovery, you
must first enable the option by completing the following steps:
- In the IBM App Connect
Enterprise Toolkit, select
.
- Select Enable use of an integration server vault.
- Click Apply and close.
The option to use an integration server vault is
now enabled and will be visible in the Connector Discovery wizard the next time it is started (see
step 3).
- Start the Connector Discovery wizard by clicking
Launch connector discovery in the property editor for the connector node that
you want to configure. For more information, see Discovery connector nodes.
- Select Use an integration server vault, click
Browse and select the integration server's work directory folder.
For more information about configuring connector request or input nodes by using connector
discovery, see Discovery connector nodes.
- Using the mqsivault command
You can use the mqsivault command to create or destroy a
vault, to change or verify a vault key, or to retrieve credentials from the vault. The vault stores
the records in encrypted form. An integration server vault is created in the integration server's
work directory, and credentials that are stored in an integration server vault can be accessed only
by that integration server.
You can copy the contents of a vault into another vault by using
the import and export options of the mqsivault command. You
can use the --export parameter to copy the contents of a vault into a temporary
archive (.zip file) and then use the --import parameter to import the contents
of the archive file into the target vault. The vault entries are stored in the archive using an
archive key to symmetrically encrypt and decrypt the values.
For more information about using the mqsivault command to
configure a vault, see mqsivault command and Configuring encrypted security credentials.
For information about creating, updating, retrieving, or deleting the security credentials, see
mqsicredentials command.