Automatically encrypt properties

For most sensitive properties in Itential Platform, you no longer need to manually create secrets in Vault. When Vault is configured, these properties are automatically encrypted.

For example, to create a Vault secret for a MongoDB password, simply create or update the profile through the API or UI with the password in plaintext. The password is stored in Vault, not in the database.

Adapters

Adapter properties that are automatically encrypted appear as starred values (●●●●●) in the form view.

View encrypted properties

When viewing an adapter with encrypted properties:

• New or empty encrypted fields show standard stars (●●●●●)
• Existing encrypted fields show differently-styled stars to indicate the field contains a value
• You cannot see the actual value while typing in form view

Advanced view behavior

In advanced view:

• You can see values while typing them
• Existing encrypted values appear as empty strings
• A tooltip indicates the property is encrypted

Integrations

Integration properties are automatically encrypted based on the authentication type used.

View encrypted properties

Encrypted integration properties behave the same as adapter properties:

• Starred values in form view
• Different star styles for new versus existing values
• Cannot see values while typing in form view

Advanced view behavior

In advanced view:

• You can see values while typing them
• Existing values always display as empty strings
• Tooltips indicate encrypted properties

Applications

Custom applications can have properties configured in propertiesDecorators.json to always be encrypted. These appear the same way as adapters and integrations in the Admin Essentials UI.

Profiles

Profile properties that need automatic encryption (such as redisProps password) display as starred values to indicate encryption.

Next steps