Vault type
Use the Vault
type to create configurations that supply a
prepopulated vault that was created in IBM® App Connect Enterprise. This vault stores
encrypted credentials for connecting to secured resources that are referenced in the message flows
in an IBM App Connect Enterprise
Toolkit integration.
Vault
type works with the
Vault Key
type, so you need both of these configurations if your IBM App Connect Enterprise
Toolkit integration is configured to connect to secured
resources.Summary of key details for the configuration type
File name or type | Contains secrets | Path extracted/imported to | Maximum allowed per integration runtime |
---|---|---|---|
vault.zip | Yes | /home/aceuser/ace-server/config/vault | 1 |
About the vault.zip file
The Vault
type requires a vault.zip file that the integration runtime uses to establish a connection to a secured
resource such as a remote server or service.
Only one vault.zip file can be specified per integration runtime. The contents of the vault.zip file are extracted to the /home/aceuser/ace-server/config directory in the integration runtime work path.
To obtain a vault.zip file, complete the following steps:
- Create or generate a vault (with a specified vault key) in your IBM App Connect Enterprise system. The method that you use might depend on how the message
flows are configured for the integration that you want to deploy, or might depend on user
preference. Two possible scenarios (among others) are as follows.
- From the IBM App Connect Enterprise Console, you can create a vault by using the
mqsivault command, and then use the mqsicredentials command to configure security credentials and store them in
encrypted form in the vault. Each independent IBM App Connect Enterprise integration
server has its own vault that is stored in the work directory, with its own vault key.
For more information, see Configuring encrypted security credentials in the IBM App Connect Enterprise documentation.
- From the IBM App Connect Enterprise Toolkit, you can create an integration server that includes a Discovery Connector message flow node such as a Salesforce Request node. You create a policy project, specify a vault key, and then use the Connector Discovery wizard to configure the node. After you specify (and then save) the connection details for accessing the client application, the credentials are stored in encrypted form within a generated vault in the work directory. The other connection details (such as endpoint information) are saved in a generated policy in the policy project. This policy references the credentials that were saved to the vault and controls access to the application at run time.
- From the IBM App Connect Enterprise Console, you can create a vault by using the
mqsivault command, and then use the mqsicredentials command to configure security credentials and store them in
encrypted form in the vault. Each independent IBM App Connect Enterprise integration
server has its own vault that is stored in the work directory, with its own vault key.
- Go to the integration server work directory and locate the folder for the populated vault. The default path to this folder is workdir/config/vault; for example, C:\Users\MYname\IBM\ACET12\workspace\FD_TEST_SERVER\config\vault (on Windows).
- Compress the vault folder to a vault.zip file.
A sample vault.zip file is attached to show the expected structure: vault.zip.
Creating a configuration for the Vault type by using the configuration panel
You can create a Vault
-type configuration while creating an integration runtime, or independently, as follows:
- Open the Configuration page by clicking the Configuration icon in the navigation pane. Then, click Create configuration. For more information, see Creating configurations on the Configurations page.
- From the
Create configuration
panel, select Vault from the Type list. - In the Name field, specify a name for this configuration.
- In the Description field, specify text that will help you identify the
type of credentials that are stored in the vault.
- To import the vault.zip file, click within the boxed area to select the
file from a file browser, or drag-and-drop the file. The name of the imported file is displayed.
- Click Create. The configuration is added to the configurations table and can be selected for use with an integration runtime.
Updating or deleting a configuration
If you need to update the content or settings in a configuration, or delete a configuration that's no longer needed, see Creating configurations on the Configurations page.