You can create an external directory vault to store credentials that can be shared by any
number of configured integration servers or integration nodes.
About this task
An external directory vault is an App Connect Enterprise vault that can be
shared by any number of integration servers. The external directory vault is created in a directory
that is external to the integration server, rather than the integration server's work directory. You
choose the location in the file system in which to create the vault, and then configure each
integration server to use it by specifying its unique location.
An external directory vault can also be used by any number of integration nodes and the
components that are managed by each integration node, including the managed integration servers and
the integration node-wide HTTP listener.
Procedure
You can configure an external directory vault by using one of the following
methods:
- Using the Connector Discovery wizard
When you configure a discovery connector request node or input node by using the Connector
Discovery wizard, you specify the vault that will be used to store the credentials for connecting to
the endpoint application (such as
Salesforce or
Trello). You can specify the location of the external
directory vault by using one of the following methods:
- In the External directory vault location field, either accept the default
value (TEST_EXT_DIR_VAULT) or edit the value to a name of your choice, then click
Launch Discovery.
- Click Select to open the vault location wizard.
- Select the location of the external directory vault by choosing one of the following options:
- Select Use a workspace project and either accept the default value or
edit the value to a name of your choice, then click OK.
- Select Use a file system directory, click Browse
to select the folder that you want to use as the vault, and then click
OK.
- Click Launch
Discovery.
For more information about configuring connector request or input nodes by using connector
discovery, see Discovery connector nodes.
- Using the mqsivault command
You can use the mqsivault command to create or destroy a
vault, to change or verify a vault key, or to retrieve credentials from the vault. The vault stores
the records in encrypted form. Credentials that are stored in an external directory vault can be
accessed concurrently by any number of integration servers that have been configured to use it.
You can copy the contents of a vault into another vault by using
the import and export options of the mqsivault command. You
can use the --export parameter to copy the contents of a vault into a temporary
archive (.zip file) and then use the --import parameter to import the contents
of the archive file into the target vault. The vault entries are stored in the archive using an
archive key to symmetrically encrypt and decrypt the values.
For more information about using the mqsivault command to
configure a vault, see mqsivault command and Configuring encrypted security credentials.
For information about creating, updating, retrieving, or deleting the security credentials, see
mqsicredentials command.