Configuring an integration server vault

You can configure an integration server vault to store credentials, which can then be used by the integration server to access secured resources.

Before you begin

Read Configuring an IBM App Connect Enterprise vault.

About this task

An integration server vault is an App Connect Enterprise vault that can be used by a specific integration server. The vault is created in the integration server's work directory and can be accessed only by that integration server.

Procedure

You can configure an integration server vault by using one of the following methods:

  • Using the Connector Discovery wizard

    When you configure a discovery connector request node or input node by using the Connector Discovery wizard, you specify the vault that will be used to store the credentials for connecting to the endpoint application (such as Salesforce or Trello). By default, these credentials are stored in an external directory vault, which is an IBM App Connect Enterprise vault that can be used by any integration server. Alternatively, you can choose to store the credentials in an integration server vault, which is created in the integration server's work directory and can be used only by that integration server.

    Complete the following steps to configure an integration server vault during connector discovery:
    1. Ensure that the integration server is not running. If you attempt to run connector discovery when the integration server is running, you will need to stop it before launching the Connector Discovery wizard again (in step 3).
    2. By default, credentials are stored in an external directory vault, rather than an integration server vault. If you want to specify an integration server vault during connector discovery, you must first enable the option by completing the following steps:
      1. In the IBM App Connect Enterprise Toolkit, select Window > Preferences > Integration development > Vault settings.
      2. Select Enable use of an integration server vault.
      3. Click Apply and close.

        The option to use an integration server vault is now enabled and will be visible in the Connector Discovery wizard the next time it is started (see step 3).

    3. Start the Connector Discovery wizard by clicking Launch connector discovery in the property editor for the connector node that you want to configure. For more information, see Discovery connector nodes.
    4. Select Use an integration server vault, click Browse and select the integration server's work directory folder.

    For more information about configuring connector request or input nodes by using connector discovery, see Discovery connector nodes.

  • Using the mqsivault command

    You can use the mqsivault command to create or destroy a vault, to change or verify a vault key, or to retrieve credentials from the vault. The vault stores the records in encrypted form. An integration server vault is created in the integration server's work directory, and credentials that are stored in an integration server vault can be accessed only by that integration server.

    You can copy the contents of a vault into another vault by using the import and export options of the mqsivault command. You can use the --export parameter to copy the contents of a vault into a temporary archive (.zip file) and then use the --import parameter to import the contents of the archive file into the target vault. The vault entries are stored in the archive using an archive key to symmetrically encrypt and decrypt the values.

    For more information about using the mqsivault command to configure a vault, see mqsivault command and Configuring encrypted security credentials.

    For information about creating, updating, retrieving, or deleting the security credentials, see mqsicredentials command.