FlexDeploy 5.2 integrates with external credential stores like HashiCorp Vault, CyberArk AAM, and Azure Key Vault, and also has an API to integrate with other credential stores. This integration is focused on retrieval of secure credential text during workflow executions. Credentials (Password, Passphrase, etc.) for Endpoints, Projects, Environment Instances, and Integration Instances can be configured for retrieval from the external credential store. Note that credentials retrieved from external credential stores are not stored, cached, or printed in FlexDeploy, which allows you to update credentials as per your requirements without changing anything in FlexDeploy. At the same time, FlexDeploy also supports a Local credential store where credentials are stored in an encrypted format in the FlexDeploy database. The FlexDeploy Local credential store uses AES 128-bit or AES 256-bit encryption. See Java Cryptography Extension (JCE) unlimited strength policy files to use AES 256-bit encryption.

Tip: Migration from 5.1 or earlier versions

FlexDeploy will automatically migrate existing credentials (encrypted property values and endpoint passwords/passphrases) to the Local credential store at startup. Each migrated credential will also be uniquely named. The Local credential store is introduced with FlexDeploy 5.2. You can continue to use the Local credential store or choose to migrate to an external credential store as necessary. See example below for credentials that were migrated to the Local credential store.

...

Note that FlexDeploy only allows retrieval of credentials from the external credential store, i.e. you will need to manage credentials using tools provided by the credential store. You can always manage Local credentials using the UI or REST API.

...

  • Out-of-the-box integration with HashiCorp Vault, CyberArk AAM (certificate authentication and agent based), and Azure Key Vault
  • Local credential store (useful for customers that do not have an external credential store)
  • Ability to integrate with other credential stores
  • Credentials can be managed from a central location or from the individual place where the credential is utilized.

Terminology

...

Tip: Getting Started

If you want to integrate with HashiCorp Vault, CyberArk AAM, or Azure Key Vault, you must first create a Credential Store definition in FlexDeploy, then you can create individual credentials as necessary.

If you want to integrate with other credential stores, you need to first create a new Credential Store Provider, then create a Credential Store definition, then you can create individual credentials as necessary.

If you only want to use the Local credential store, you can create credentials as necessary for the Local credential store.

Let's review each topic in detail now.

...