Secrets Management with Azure Key Vault
Overview
SnapLogic Secrets Management supports using secrets stored in Azure Key Vault in Snap accounts through the managed identity-based authentication.
Azure Key Vault allows storing and controlling access to secrets such as tokens, passwords, unencrypted API keys, and others in the form of key pairs.
You can access these secrets through an Azure portal application, or as a user, client, or an external app.
Important: SnapLogic supports accessing the secrets listed (and not keys and certificates) available in the Azure Key Vault through managed identity-based authentication.
- You need to set the
alias
parameter to the alias name of your secret object in the secrets-config.json file. - Collect the Vault URI of your Azure Key Vault from its in the Azure Portal.
Note:
- Only dynamic account types, those with expression-enabled fields, work with a secrets manager. If the account type you need is not dynamic, contact your CSM.
- To pick up changes to the secret-config.json file, you must restart the Snaplex node by restarting the JCC service.
If a user has access to the secrets, the secrets can be viewed in REST Snap previews and in responses.
To configure an Azure Key Vault as your secrets manager in SnapLogic:
Tip: You can restrict the use of secrets to accounts in a specific project space
by adding the
project_space
setting to the secrets-config.json file
when you configure your Groundplex.