Platform On-PremControl accessSecretsHashiCorp Vault

Manually encrypt properties

You can encrypt specific keys in Vault using the $SECRET syntax. However, you should use automatic property encryption wherever possible.

Encrypt adapter properties

1

Create secret in Vault

Create a path and key name in Vault for the item. Use a path and key name that clearly relates to the target item.

2

Open adapter configuration

Go to Admin Essentials, click Adapters, and select an adapter.

3

Enable Advanced View

Click the Advanced View toggle to see the JSON configuration, which may be easier to edit.

4

Replace value with reference

Remove the existing value and replace it with the Vault reference:

"$SECRET_<path> $KEY_<key>"

For example: "$SECRET_default_password $KEY_key" evaluates to "password".

Note: Include a space before $KEY_.

5

Save configuration

Click Save. The adapter automatically restarts and uses Vault to decrypt the property.

6

Verify connection

The adapter should appear in the list with a green status indicator and connection icons.

Encrypt integration properties

1

Create secret in Vault

Create a path and key name in Vault for the item. Use a path and key name that clearly relates to the target item.

2

Open integration configuration

Go to Admin Essentials, click Integrations, and select an integration.

3

Locate property

Find the value you want to encrypt.

4

Enable Advanced View

Click the Advanced View toggle to see the JSON configuration.

5

Replace value with reference

Remove the existing value and replace it with the Vault reference:

"$SECRET_<path> $KEY_<key>"

For example: "$SECRET_default_password $KEY_key" evaluates to "password".

Note: Include a space before $KEY_.

6

Save configuration

Click Save. The integration automatically restarts and uses Vault to decrypt the property.

Encrypt profile properties

1

Create secret in Vault

Create a path and key name in Vault for the item. Use a path and key name that clearly relates to the target item.

2

Open profile configuration

Go to Admin Essentials, click Profiles, and select the currently running profile.

3

Select property

Click the Configure tab and select a profile property to encrypt.

4

Replace value with reference

Remove the existing value and replace it with the Vault reference:

"$SECRET_<path> $KEY_<key>"

For example: "$SECRET_default_password $KEY_key" evaluates to "password".

Note: Include a space before $KEY_.

5

Save configuration

Click Save to finalize the profile property changes.

6

Restart platform

Restart Itential Platform for the changes to take effect.

Encrypt properties.json values

1

Create secret in Vault

Create a path and key name in Vault for the item. Use a path and key name that clearly relates to the target item.

2

Open properties.json

Open the properties.json file and select a property to encrypt, such as "mongoProps.credentials.passwd".

You cannot encrypt any vaultProps values within properties.json.

3

Replace value with reference

Remove the existing value and replace it with the Vault reference:

"$SECRET_<path> $KEY_<key>"

For example: "$SECRET_default_password $KEY_key" evaluates to "password".

Note: Include a space before $KEY_.

4

Save file

Save the document.

5

Restart platform

Restart Itential Platform for the changes to take effect.

Next steps

Automatic encryption
Create secrets