Adding secrets to the internal vault

You can add secrets to the internal vault so that you can use the secrets when you create connections.

Permissions you need for this task

Any user can add secrets to the internal vault.

When you need to complete this task

Complete this task if you need to add a secret to the internal vault.

Restriction: The internal vault might not be available. An administrator can disable the internal vault.

Procedure

To add a secret to the internal vault:

  1. From the navigation menu, select Administration > Configurations.
  2. Open the Vaults and secrets tab.
    On the Vaults tab, you can view all of the vaults that are associated with the cluster and that you either created or have permission to manage. On the Secrets tab, you can view all of the secrets that you created or that have been shared with you, and any secrets that you have permission to manage.
  3. On the Vaults tab, find and open the internal vault (Platform Vault).
  4. On the Secrets tab, click Add secret.
  5. Select the type of authentication information that is stored in the secret that you are adding to the internal vault and enter the values:
    • Username and password: Enter the username and password that you want to store in the secret in the internal vault.
    • Key: Enter the authentication token that you want to store in the secret in the internal vault.
    • SSL certificate: Enter the SSL certificate that you want to store in the internal vault.
    • Token: Enter the token that you want to store in the secret in the internal vault.
    • Custom: Enter a custom secret in JSON format. Use a custom secret to store a unique type or multiple types of information in the secret. Enter the type of information and the actual value that is to be stored as a key-value pair. The parameters that you specify depend on the type of information you are storing in the secret. The following JSON sample shows some key-value pairs that you might add as custom secrets:
      {
        "accessToken": "accessTokenValue",
        "clientSecret": "clientSecretValue",
        "username_password": { "username": "usernameValue", "password": "passwordValue" }
      }
      
      Restriction: You cannot use a Custom secret to provide credentials when you create a connection. You must use another type of secret, such as a Username and password secret or a Key secret.
  6. Select the users and groups that you want to share the secret with.
    Those users can access only the secret that you share. They do not have access to the vault or any other secrets in the vault.

    You cannot share secrets that are shared with you.

  7. Click Add secret.
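
A local pre-check for the Custom secret JSON described in step 5, as an added example that is not part of the product or its documentation: it rejects invalid JSON, duplicate keys (which JSON parsers otherwise resolve silently), and empty values before you paste the payload into the form. The function names and the empty-value and non-empty-object rules are assumptions made for this example, not documented product rules.

```python
import json


class CustomSecretError(ValueError):
    """A custom secret payload failed a pre-submission check."""


def _reject_duplicates(pairs):
    # json.loads keeps only the last value for a repeated key, so a duplicate
    # would silently change which value ends up stored. Fail instead.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise CustomSecretError(f"duplicate key: {key!r}")
        seen[key] = value
    return seen


def _check_values(obj, path=""):
    # Assumed hygiene rule: every key must carry a non-empty value.
    for key, value in obj.items():
        where = f"{path}{key}"
        if isinstance(value, dict) and value:
            _check_values(value, where + ".")
        elif value is None or value == "" or value == {}:
            raise CustomSecretError(f"empty value for key: {where}")


def check_custom_secret(text):
    """Return the parsed payload or raise CustomSecretError.

    Messages name keys and positions only, never secret values.
    """
    try:
        data = json.loads(text, object_pairs_hook=_reject_duplicates)
    except json.JSONDecodeError as exc:
        # "from None" keeps the original exception out of the traceback.
        raise CustomSecretError(
            f"not valid JSON (line {exc.lineno}, column {exc.colno})"
        ) from None
    if not isinstance(data, dict) or not data:
        raise CustomSecretError("top level must be a non-empty JSON object")
    _check_values(data)
    return data


if __name__ == "__main__":
    # Constructed sample payload with placeholder values.
    sample = '{"accessToken": "accessTokenValue", "clientSecret": "clientSecretValue"}'
    print(sorted(check_custom_secret(sample)))  # key names only
```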

Results

The secret details and content are added to the internal vault, and the secret is shared with any users that you specified. You can update the details of the secret as necessary. Cloud Pak for Data users and services can retrieve the secret directly from the internal vault. Users that are assigned the Manage secrets and vaults permission can remove the secret from the internal vault.