Secrets Management
SnapLogic Secrets Management enables organizations to use a third-party secrets manager to store endpoint credentials. Instead of entering credentials directly in endpoint accounts and having the SnapLogic Platform encrypt them, the accounts contain only the information necessary to retrieve the secrets. Pipelines run on a Groundplex and obtain the credentials directly from the secrets manager during validation and execution. With Secrets Management, the SnapLogic Platform doesn't store credentials.
- AWS Secrets Manager
- Azure Key Vault
- CyberArk Conjur (Enterprise or Open Source)
- HashiCorp Vault (Cloud, Enterprise, or Open Source)
Secrets Cache
Pipelines that make many authentication requests for the same secret can take longer to complete when using Secrets Management. For these cases, we offer an optional Secrets Cache that encrypts and caches secrets. With the Secrets Cache enabled, the Groundplex node checks the cache on every request for a secret:
- If the secret is found, the node returns it.
- If the secret is not found, the node retrieves it from the secrets manager, encrypts it, and caches it.
The cache provides the most benefit when the same secrets are requested frequently and the secret values don't change often. To enable the Secrets Cache, contact your CSM. The CSM can also set feature flags to increase or decrease the cache expiration time or to change the encryption key.
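The lookup described above, as an added Go example (not SnapLogic code): a read-through cache that keeps secrets only as ciphertext and refetches them after an expiration time. The type and function names, the use of AES-GCM, and the injectable clock are assumptions for illustration; the page does not describe the cache's cipher or internals.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"time"
)

type entry struct{ nonce, sealed []byte; expires time.Time } // no plaintext is stored
type SecretsCache struct { // hypothetical read-through cache, not SnapLogic code
	aead    cipher.AEAD
	ttl     time.Duration
	entries map[string]entry
	Now     func() time.Time             // injectable clock
	Fetch   func(string) (string, error) // stand-in for the secrets manager call
}

func NewSecretsCache(key []byte, ttl time.Duration) (*SecretsCache, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // AES-GCM is an assumption; the page names no cipher
	return &SecretsCache{aead: aead, ttl: ttl, entries: map[string]entry{}, Now: time.Now}, err
}

func (c *SecretsCache) Get(name string) (string, error) {
	if e, ok := c.entries[name]; ok && c.Now().Before(e.expires) { // hit: decrypt and return
		plain, err := c.aead.Open(nil, e.nonce, e.sealed, []byte(name)) // name bound as AAD
		return string(plain), err
	}
	secret, err := c.Fetch(name) // miss or expired: ask the secrets manager
	if err != nil {
		return "", err // failures are not cached
	}
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	c.entries[name] = entry{nonce, c.aead.Seal(nil, nonce, []byte(secret), []byte(name)), c.Now().Add(c.ttl)}
	return secret, nil
}

func main() { // constructed demo: all-zero key and a fake secrets manager
	c, _ := NewSecretsCache(make([]byte, 32), time.Minute)
	c.Fetch = func(string) (string, error) { return "demo-value", nil }
	fmt.Println(c.Get("db/password"))
}
```

Until an entry expires, a secret rotated in the secrets manager is still served from the cache in its old form, which is why the cache suits secrets that don't change often. The sketch is not safe for concurrent use; a real cache would guard the map with a mutex.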
Limitations
- Secrets Management is available only for pipelines running on Groundplexes.
- Secrets Management works only for account credentials, such as passwords or tokens. You can't use it for SnapLogic authentication or node server keys.
- Only endpoint accounts with expression-enabled authentication fields support secret retrieval.
Workflow
- To obtain a subscription for SnapLogic Secrets Management, contact your SnapLogic CSM.
- A secrets manager administrator configures the storage for endpoint credentials, creates authentication roles and access permissions, and generates secrets.
- A Groundplex administrator configures nodes to communicate with the secrets manager.
- A pipeline designer or Environment admin configures the endpoint accounts to access the secrets manager.