Configuring a shared vault

You can create an external directory vault to store credentials that can be shared by any number of configured integration servers or integration nodes.

Before you begin

Read Configuring an IBM App Connect Enterprise vault.

About this task

An external directory vault is an App Connect Enterprise vault that can be shared by any number of integration servers. The external directory vault is created in a directory that is external to the integration server, rather than in the integration server's work directory. You choose the location in the file system in which to create the vault, and then configure each integration server to use it by specifying its unique location.

An external directory vault can also be used by any number of integration nodes and the components that are managed by each integration node, including the managed integration servers and the integration node-wide HTTP listener.

Procedure

You can configure an external directory vault by using one of the following methods:

  • Using the Connector Discovery wizard
    When you configure a discovery connector request node or input node by using the Connector Discovery wizard, you specify the vault that will be used to store the credentials for connecting to the endpoint application (such as Salesforce or Trello). You can specify the location of the external directory vault by using one of the following methods:
    • In the External directory vault location field, either accept the default value (TEST_EXT_DIR_VAULT) or edit the value to a name of your choice, then click Launch Discovery.
    • Click Select to open the vault location wizard.
      • Select the location of the external directory vault by choosing one of the following options:
        • Select Use a workspace project and either accept the default value or edit the value to a name of your choice, then click OK.
        • Select Use a file system directory, click Browse to select the folder that you want to use as the vault, and then click OK.
      • Click Launch Discovery.

    For more information about configuring connector request or input nodes by using connector discovery, see Discovery connector nodes.

  • Using the mqsivault command

    You can use the mqsivault command to create or destroy a vault, to change or verify a vault key, or to retrieve credentials from the vault. The vault stores the records in encrypted form. Credentials that are stored in an external directory vault can be accessed concurrently by any number of integration servers that have been configured to use it.

    You can copy the contents of a vault into another vault by using the import and export options of the mqsivault command. Use the --export parameter to copy the contents of the source vault into a temporary archive (.zip file), and then use the --import parameter to import the contents of that archive file into the target vault. The vault entries are stored in the archive in encrypted form: an archive key is used to symmetrically encrypt and decrypt the values.

    For more information about using the mqsivault command to configure a vault, see mqsivault command and Configuring encrypted security credentials.

    For information about creating, updating, retrieving, or deleting the security credentials, see mqsicredentials command.