...
- Out-of-the-box integration with HashiCorp Vault, CyberArk AAM (certificate authentication and agent-based), Azure Key Vault, and Thycotic Secret Server
- Local credential store (useful for customers that do not have an external credential store)
- Ability to integrate with other credential stores
- Credentials can be managed from a central location or from the individual place where the credential is used.
Terminology
FlexDeploy Term | Description |
---|---|
Credential Store Provider | A provider encapsulates the logic required to retrieve a credential from a specific type of store. A few providers are available out of the box, but you can define custom implementations using either a Java class or a Groovy script. The provider defines the properties necessary to connect to the credential store as well as the inputs necessary for each credential. |
Credential Store | A credential store represents an instance of a specific type of credential store provider. You can have many such credential stores in FlexDeploy. For example, you can have one store for Production credentials and another for Non-Production credentials. A Local credential store is available out of the box. |
Credential | Represents an individual credential, with the inputs necessary to retrieve it from the credential store. For the Local credential store, you just provide the secret text, but for HashiCorp Vault, you provide the path and key name used to retrieve that credential from the external credential store. |
Credential Name | Name that uniquely identifies each credential. It must be unique across all credential stores. For example, if you are using the same password for the OS user oracle in the Development environment, you can use DEV OS Oracle as the credential name. |
Credential Scope | Scope of the credential, which serves as a filtering mechanism. The various scopes are Endpoint, Project, Instance, and Environment Instance. This means that an endpoint password credential cannot be used for a Git instance password. |
...
Tip |
---|
Getting Started: If you want to integrate with HashiCorp Vault, CyberArk AAM, Azure Key Vault, or Thycotic Secret Server, you must first create a Credential Store definition in FlexDeploy; then you can create individual credentials as necessary. If you want to integrate with other credential stores, you must first create a new Credential Store Provider, then create a Credential Store definition, and then create individual credentials as necessary. If you just want to use the Local credential store, you can create credentials for it as necessary. |
...