Adding secrets to the internal vault

Important: IBM® Cloud Pak for Data Version 4.5 will reach end of support (EOS) on 31 July, 2025. For more information, see the Discontinuance of service announcement for IBM Cloud Pak for Data Version 4.X.

Upgrade to IBM Software Hub Version 5.1 before IBM Cloud Pak for Data Version 4.5 reaches end of support. For more information, see Upgrading IBM Software Hub in the IBM Software Hub Version 5.1 documentation.

You can add secrets to the internal vault and enable users and applications to retrieve the secrets from the vault as needed.

Permissions you need for this task: Any user can add secrets to the internal vault.
When you need to complete this task: You can complete this task anytime after Cloud Pak for Data is installed, vaults are enabled, and you need to add a secret (including the secret content) to the platform vault. For information on enabling vaults, see Enabling vaults for the Cloud Pak for Data web client.

About this task

If you have permission, you can add secrets to the internal vault. When you add secrets to the internal vault, you configure the secret details and you also provide the content that is stored in the secret.

Procedure

To add a secret to the internal vault:

From the navigation menu, select Administration > Configurations.
Open the Vaults and secrets tab.
On the Vaults tab, you can view all of the vaults that are associated with the cluster and that you either created or have permission to manage. On the Secrets tab, you can view all of the secrets that you created or that have been shared with you, and any secrets that you have permission to manage.
On the Vaults tab, find and open the internal vault (Platform Vault).
On the Secrets tab, click Add secret.
Select the type of authentication information that is stored in the secret that you are adding to the internal vault and enter the values:
- Username and password: Enter the username and password that you want to store in the secret in the internal vault.
- Key: Enter the authentication token that you want to store in the secret in the internal vault.
- SSL certificate: Enter the SSL certificate that you want to store in the internal vault.
- Token: Enter the token that you want to store in the secret in the internal vault.
- Custom: Enter a custom secret in JSON format. Use a custom secret to store a unique type or multiple types of information in the secret. Enter the type of information and the actual value that is to be stored as a key-value pair. The parameters that you specify depend on the type of information you are storing in the secret. The following JSON sample shows some key-value pairs that you might add as custom secrets:
```
{
"accessToken": "accessTokenValue",
"clientSecret": "clientSecretValue",
"username_password": { username password }
}
```
  Restriction: You cannot use a Custom secret to provide credentials when you create a connection. You must use another type of secret, such as a Username and password secret or a Key secret.
Select the users and groups that you want to share the secret with.
Those users can access only the secret that you share. They do not have access to the vault or any other secrets in the vault.
You cannot share secrets that are shared with you.
Click Add secret.

Results

The secret details and content are added to the internal vault and it is shared with any users that you specified. You can update the details of the secret as necessary. Cloud Pak for Data users and services can retrieve the secret directly from the internal vault. Users that are assigned the Manage secrets and vaults permission can remove the secret from the internal vault.