You can add references to secrets that are stored in supported external vaults so that
users and applications can retrieve the content of the secrets as needed.
Permissions you need for this task
To add references to secrets in external vaults, you must have the following permissions:
- Add vaults permission.
- Owner of the external vault.
When you need to complete this task
You can complete this task anytime after Cloud Pak for Data is installed and you need to add a reference to
a secret that is stored in an external vault.
About this task
You can add references to secrets that are stored in external vaults when you first add the vault integration, or anytime after the vault integration is
added. You can edit the details of secrets in a vault at any time. The secret and its content must
exist in the external vault. You add the link to the existing secret that enables users and
applications to retrieve the secret content from the external vault. You do not add the actual
secret content from the external vault in Cloud Pak for Data.
Procedure
To add a reference to a secret in an external vault:
- From the navigation menu, select
.
- Open the Vaults and secrets tab.
On the Vaults tab, you can view all of the vaults
that are associated with the cluster and that you either created or have permission to manage. On
the Secrets tab, you can view all of the secrets that you created or that
have been shared with you, and any secrets that you have permission to manage.
- On the Secrets tab, click Add secret.
- Enter a name and an optional description for the secret. The name can contain only alphanumeric characters and hyphens.
- Select the vault that you are adding the secret to.
- Select the type of information that is stored in the secret:
HashiCorp vault
| Secret type | Details |
| --- | --- |
| Username and password | The secret is used to store a username and password for authentication. |
| Key | The secret is used to store a key for authentication. |
| Token | The secret is used to store a token for authentication. |
| SSL certificate | The secret is used to store an SSL certificate for authentication. |
| Custom | The secret is used to store custom information. The custom secret does include fields that are required by other secret types. |
CyberArk vault
| Secret type | Details |
| --- | --- |
| Username and password | The secret is used to store a username and password for authentication. |
| Key | The secret is used to store a key for authentication. |
| Custom | The secret contains a JSON blob that contains multiple fields. |
- Enter the secret details, as follows:
HashiCorp vault
| Field | Details |
| --- | --- |
| Secret path | The path to the secret in the vault. |
CyberArk vault
| Field | Details |
| --- | --- |
| Safe | The safe where the secret is stored in the vault. |
| Account name | The name of the account in the vault. |
- Select the users and groups that you want to share the secret with.
Those users can access only the secret that you share. They do not have access to the vault or any other secrets in the vault. You cannot share secrets that are shared with you.
- Click Add secret.
Results
The reference to the secret is added to Cloud Pak for Data and it is shared with any users that you
specified. You can update the details of the secret reference as necessary.
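As an added illustration (not code from Cloud Pak for Data or its documentation), the following Python models the rules this procedure describes: a secret reference carries a name restricted to alphanumeric characters and hyphens, a secret type drawn from the set that each vault kind supports, only the fields that locate the secret in the vault (a secret path for HashiCorp, a safe and account name for CyberArk) and never the secret content itself, and sharing that grants access to that one secret only and cannot be delegated by someone it was shared with. The data class, the field names, the error codes and the deny-list of content-bearing field names are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field

# Secret types the page lists for each vault kind (constructed mapping).
SECRET_TYPES = {
    "hashicorp": {"username_password", "key", "token", "ssl_certificate", "custom"},
    "cyberark": {"username_password", "key", "custom"},
}

# Fields that locate the secret inside the vault, per vault kind.
LOCATION_FIELDS = {
    "hashicorp": {"secret_path"},
    "cyberark": {"safe", "account_name"},
}

# Field names that would mean secret content is being copied into the
# reference instead of staying in the vault (constructed deny-list).
SECRET_MATERIAL_FIELDS = {"password", "token", "private_key", "certificate", "value"}

# Secret names may contain only alphanumeric characters and hyphens.
NAME_RE = re.compile(r"^[A-Za-z0-9-]+$")


@dataclass
class SecretReference:
    """A pointer to a secret that lives in an external vault (hypothetical model)."""
    name: str
    vault_kind: str      # "hashicorp" or "cyberark"
    secret_type: str
    location: dict       # {"secret_path": ...} or {"safe": ..., "account_name": ...}
    created_by: str
    description: str = ""
    shared_with: set = field(default_factory=set)


def validate_reference(ref, vault_owner, requester):
    """Return a list of error codes; an empty list means the reference is well formed."""
    errors = []
    if not NAME_RE.match(ref.name):
        errors.append("bad-name")
    # Only the owner of the external vault may add references to it.
    if requester != vault_owner:
        errors.append("not-vault-owner")
    if ref.vault_kind not in SECRET_TYPES:
        errors.append("unknown-vault-kind")
        return errors
    if ref.secret_type not in SECRET_TYPES[ref.vault_kind]:
        errors.append("type-not-supported")
    expected = LOCATION_FIELDS[ref.vault_kind]
    for missing in sorted(expected - set(ref.location)):
        errors.append(f"missing-field:{missing}")
    # Anything beyond the locating fields is rejected; content-bearing names
    # get a distinct code because they indicate the secret value itself leaked in.
    for extra in sorted(set(ref.location) - expected):
        code = "secret-material" if extra in SECRET_MATERIAL_FIELDS else "unexpected-field"
        errors.append(f"{code}:{extra}")
    return errors


def can_access(ref, user):
    """The creator and explicitly shared users can resolve this one secret; nobody else."""
    return user == ref.created_by or user in ref.shared_with


def can_share(ref, user):
    """Only the creator may share; a secret that was shared with you cannot be re-shared."""
    return user == ref.created_by


if __name__ == "__main__":
    # Constructed sample: a well-formed HashiCorp reference shared with one user.
    ref = SecretReference(
        name="db-creds",
        vault_kind="hashicorp",
        secret_type="username_password",
        location={"secret_path": "secret/data/app/db"},
        created_by="alice",
        shared_with={"bob"},
    )
    print(validate_reference(ref, vault_owner="alice", requester="alice"))
    print(can_access(ref, "bob"), can_share(ref, "bob"))
```

The validator deliberately returns every problem it finds rather than stopping at the first, so a reviewer sees at once that a CyberArk reference is both missing its account name and carrying a password that should never have left the vault.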