FlexDeploy 5.2 introduces integration with external credential stores like HashiCorp Vault and CyberArk AAM. This integration is focused on retrieval of secure credential text during workflow executions. Credentials (Password, Passphrase etc.) for Endpoints, Project, Environment Instance, Integration Instances can be configured for retrieval from external credential store. Note that such credentials retrieved from external credential stores are not in FlexDeploy, which allows you to update credentials as per your requirements without changing anything in FlexDeploy. At the same time, FlexDeploy also supports Local credential store where credentials are stored in encrypted format in FlexDeploy database. FlexDeploy Local credential store uses AES 128 or AES 256 bit encryption. See Java Cryptography Extension (JCE) unlimited strength policy files to use AES 256 bit encryption.
| Tip | ||
|---|---|---|
| ||
FlexDeploy will automatically migrate existing credentials to Local credential store at startup. You can continue to use that or choose to migrate to external credential store as necessary. See example below for credentials that were migrated to Local credential store. |
Note that FlexDeploy only allows retrieval of credentials from external credential store, i.e. you will need to manage credentials using tools provided by credential store. You can always manage Local credentials using UI or REST API.
...