For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Open sourceSupportFAQsDocs Home
DocumentationAPI referenceRelease notes
DocumentationAPI referenceRelease notes
  • Platform On-Prem
    • Overview
    • Navigate
        • Overview
          • Overview
          • Install
          • Configure
          • kv-v2 secrets engine
          • Create secrets
          • Automatically encrypt properties
          • Manually encrypt properties
          • Troubleshoot
    • Search resources
  • Apps
    • FlowAI
    • Itential Automation Gateway
  • Resources
    • Itential Academy
    • Version lifecycle
    • Itential MCP
    • Accessibility conformance
    • Get support
    • FAQs
LogoLogo
Open sourceSupportFAQsDocs Home
On this page
  • Encrypt adapter properties
  • Encrypt integration properties
  • Encrypt profile properties
  • Encrypt properties.json values
  • Next steps
Platform On-PremControl accessSecretsHashiCorp Vault

Manually encrypt properties

Was this page helpful?
Previous

Troubleshoot Hashicorp issues

Next
Built with

You can encrypt specific keys in Vault using the $SECRET syntax. However, you should use automatic property encryption wherever possible.

Encrypt adapter properties

1

Create secret in Vault

Create a path and key name in Vault for the item. Use a path and key name that clearly relates to the target item.

2

Open adapter configuration

Go to Admin Essentials, click Adapters, and select an adapter.

3

Enable Advanced View

Click the Advanced View toggle to see the JSON configuration, which may be easier to edit.

4

Replace value with reference

Remove the existing value and replace it with the Vault reference:

"$SECRET_<path> $KEY_<key>"

For example: "$SECRET_default_password $KEY_key" evaluates to "password".

Note: Include a space before $KEY_.

5

Save configuration

Click Save. The adapter automatically restarts and uses Vault to decrypt the property.

6

Verify connection

The adapter should appear in the list with a green status indicator and connection icons.

Encrypt integration properties

1

Create secret in Vault

Create a path and key name in Vault for the item. Use a path and key name that clearly relates to the target item.

2

Open integration configuration

Go to Admin Essentials, click Integrations, and select an integration.

3

Locate property

Find the value you want to encrypt.

4

Enable Advanced View

Click the Advanced View toggle to see the JSON configuration.

5

Replace value with reference

Remove the existing value and replace it with the Vault reference:

"$SECRET_<path> $KEY_<key>"

For example: "$SECRET_default_password $KEY_key" evaluates to "password".

Note: Include a space before $KEY_.

6

Save configuration

Click Save. The integration automatically restarts and uses Vault to decrypt the property.

Encrypt profile properties

1

Create secret in Vault

Create a path and key name in Vault for the item. Use a path and key name that clearly relates to the target item.

2

Open profile configuration

Go to Admin Essentials, click Profiles, and select the currently running profile.

3

Select property

Click the Configure tab and select a profile property to encrypt.

4

Replace value with reference

Remove the existing value and replace it with the Vault reference:

"$SECRET_<path> $KEY_<key>"

For example: "$SECRET_default_password $KEY_key" evaluates to "password".

Note: Include a space before $KEY_.

5

Save configuration

Click Save to finalize the profile property changes.

6

Restart platform

Restart Itential Platform for the changes to take effect.

Encrypt properties.json values

1

Create secret in Vault

Create a path and key name in Vault for the item. Use a path and key name that clearly relates to the target item.

2

Open properties.json

Open the properties.json file and select a property to encrypt, such as "mongoProps.credentials.passwd".

You cannot encrypt any vaultProps values within properties.json.

3

Replace value with reference

Remove the existing value and replace it with the Vault reference:

"$SECRET_<path> $KEY_<key>"

For example: "$SECRET_default_password $KEY_key" evaluates to "password".

Note: Include a space before $KEY_.

4

Save file

Save the document.

5

Restart platform

Restart Itential Platform for the changes to take effect.

Next steps

Automatic encryption
Create secrets