Vault type

Use the Vault type to create configurations that supply a prepopulated vault that was created in IBM® App Connect Enterprise. This vault stores encrypted credentials for connecting to secured resources that are referenced in the message flows in an IBM App Connect Enterprise Toolkit integration.

Tip: The Vault type works with the Vault Key type, so you need both of these configurations if your IBM App Connect Enterprise Toolkit integration is configured to connect to secured resources.

Summary of key details for the configuration type

File name or type | Contains secrets | Path extracted/imported to | Maximum allowed per integration runtime
vault.zip | Yes | /home/aceuser/ace-server/config/vault | 1

About the vault.zip file

The Vault type requires a vault.zip file that the integration runtime uses to establish a connection to a secured resource such as a remote server or service.

Only one vault.zip file can be specified per integration runtime. The contents of the vault.zip file are extracted to the /home/aceuser/ace-server/config directory in the integration runtime work path.

To obtain a vault.zip file, complete the following steps:

  1. Create or generate a vault (with a specified vault key) in your IBM App Connect Enterprise system. The method that you use might depend on how the message flows are configured for the integration that you want to deploy, or might depend on user preference. Two possible scenarios (among others) are as follows.
    • From the IBM App Connect Enterprise Console, you can create a vault by using the mqsivault command, and then use the mqsicredentials command to configure security credentials and store them in encrypted form in the vault. Each independent IBM App Connect Enterprise integration server has its own vault that is stored in the work directory, with its own vault key.

      For more information, see Configuring encrypted security credentials in the IBM App Connect Enterprise documentation.

    • From the IBM App Connect Enterprise Toolkit, you can create an integration server that includes a Discovery Connector message flow node such as a Salesforce Request node. You create a policy project, specify a vault key, and then use the Connector Discovery wizard to configure the node. After you specify (and then save) the connection details for accessing the client application, the credentials are stored in encrypted form within a generated vault in the work directory. The other connection details (such as endpoint information) are saved in a generated policy in the policy project. This policy references the credentials that were saved to the vault and controls access to the application at run time.

  2. Go to the integration server work directory and locate the folder for the populated vault. The default path to this folder is workdir/config/vault; for example, C:\Users\MYname\IBM\ACET12\workspace\FD_TEST_SERVER\config\vault (on Windows).
  3. Compress the vault folder to a vault.zip file.

    A sample vault.zip file is attached to show the expected structure: vault.zip.
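
The packaging step above, as an added example that is not IBM code: it compresses the vault folder and checks the resulting archive before it is uploaded. It assumes the archive should hold a single top-level vault/ folder (inferred from the extraction path given on this page); the function names and sample file names are hypothetical.

```python
import os
import stat
import zipfile
from pathlib import Path, PurePosixPath


def build_vault_zip(vault_dir, out_zip):
    """Zip vault_dir so every entry sits under a top-level 'vault/' folder."""
    vault_dir, out_zip = Path(vault_dir), Path(out_zip)
    if not vault_dir.is_dir():
        raise ValueError(f"not a directory: {vault_dir}")
    # Create the archive owner-only from the start: it holds encrypted credentials.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
    fd = os.open(out_zip, flags, 0o600)
    with os.fdopen(fd, "wb") as fh, zipfile.ZipFile(fh, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(vault_dir.rglob("*")):
            if path.is_symlink():
                raise ValueError(f"refusing symlink: {path}")
            if path.is_file():
                rel = path.relative_to(vault_dir).as_posix()
                zf.write(path, f"vault/{rel}")
    os.chmod(out_zip, 0o600)  # also tightens a pre-existing file that was overwritten
    return out_zip


def check_vault_zip(zip_path):
    """Return a list of problems; an empty list means the layout is as assumed."""
    problems = []
    with zipfile.ZipFile(zip_path) as zf:
        names = zf.namelist()
    if not names:
        problems.append("archive is empty")
    for name in names:
        parts = PurePosixPath(name).parts
        if name.startswith("/") or ".." in parts or "\\" in name:
            problems.append(f"unsafe entry path: {name}")
        elif not parts or parts[0] != "vault":
            problems.append(f"entry outside vault/: {name}")
    # Permission bits are only meaningful on POSIX file systems.
    if os.name == "posix" and stat.S_IMODE(os.stat(zip_path).st_mode) & 0o077:
        problems.append("archive is readable by group or others")
    return problems
```

The vault key is supplied separately through the Vault Key type, so keep it out of the folder that is compressed and out of the archive's storage location.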

Creating a configuration for the Vault type by using the configuration panel

You can create a Vault-type configuration while creating an integration runtime, or independently, as follows:

  1. Open the Configuration page by clicking the Configuration icon in the navigation pane. Then, click Create configuration. For more information, see Creating configurations on the Configurations page.
  2. From the Create configuration panel, select Vault from the Type list.
  3. In the Name field, specify a name for this configuration.
  4. In the Description field, specify text that will help you identify the type of credentials that are stored in the vault.
  5. To import the vault.zip file, click within the boxed area to select the file from a file browser, or drag-and-drop the file. The name of the imported file is displayed.
  6. Click Create. The configuration is added to the configurations table and can be selected for use with an integration runtime.

Updating or deleting a configuration

If you need to update the content or settings in a configuration, or delete a configuration that's no longer needed, see Creating configurations on the Configurations page.