Azure Key Vault: Configure Groundplex Nodes

Overview

The node configuration file (secrets-config.json) contains the information that the Snaplex needs to access the appropriate secrets.

An Azure Key Vault set up with the required access policies and appropriate roles assigned to the managed identities
An appropriate managed identity associated with your Groundplex node (Virtual Machine)
Permissions to update the Groundplex nodes

In the node configuration file, you will enter the information you collected when setting up the Vault.

Create a secrets-config.json file.

Copy and paste the JSON structure and fill in the required values.

 {
  "AZURE" : [
    {
      "alias": "secret-alias-name",
      "url": "https://key-vault-name.vault.azure.net/",
      "user_identity": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx",
      "project_space": "/snaplogic/shared"
    },
    ...
  ]
}


alias	The name of this configuration object. Important: Do not use any of the reserved default aliases (such as `DEFAULT_AWS`) in your custom secrets-config.json file.
url	The URL of the Azure Key Vault. This URL establishes peer communication with your Groundplex nodes.
user_identity	Optional. The client ID of your user-assigned managed identity. Pass an empty value to this key or remove this key to use your system-assigned managed identity.
project_space	Optional. If specified, restricts the use of secrets to accounts in the specified project space. Use this format: `/<org>/<project_space>[/<project_name>]` where the `<project_name>` is optional. Example: `/<org>/<project_space>/<project>`, `/<org>/shared`, `/<org>/<project_space>/shared`

For every Azure Key Vault, you need a configuration object inside the AZURE array with the appropriate values.

Save the file.

Configure each JCC node in your Groundplex.
1. Copy the secrets-config.json file to the /etc/snaplogic directory.
2. Restart the JCC service.
  On Linux, /opt/snaplogic/bin/jcc.sh restart

Configure dynamic SnapLogic accounts to connect to your secrets manager and to authenticate.