Secrets Management with Azure Key Vault

Overview

SnapLogic Secrets Management supports using secrets stored in Azure Key Vault in Snap accounts through the managed identity-based authentication.

Azure Key Vault allows storing and controlling access to secrets such as tokens, passwords, unencrypted API keys, and others in the form of key pairs. You can access these secrets through an Azure portal application, or as a user, client, or an external app.
Important: SnapLogic supports accessing the secrets listed (and not keys and certificates) available in the Azure Key Vault through managed identity-based authentication.
  • You need to set the alias parameter to the alias name of your secret object in the secrets-config.json file.
  • Collect the Vault URI of your Azure Key Vault from its Overview > Essentials > Vault URI in the Azure Portal.
Note:
  • Only dynamic account types, those with expression-enabled fields, work with a secrets manager. If the account type you need is not dynamic, contact your CSM.
  • To pick up changes to the secret-config.json file, you must restart the Snaplex node by restarting the JCC service.

If a user has access to the secrets, the secrets can be viewed in REST Snap previews and in responses.

To configure an Azure Key Vault as your secrets manager in SnapLogic:
  1. Set up a Vault with a managed identity.
  2. Configure Groundplex nodes.
  3. Configure dynamic SnapLogic accounts to connect to the Azure Key Vault and to authenticate.
Tip: You can restrict the use of secrets to accounts in a specific project space by adding the project_space setting to the secrets-config.json file when you configure your Groundplex.