A Credential Store Provider encapsulates the logic required to retrieve a credential from a specific type of store. A few providers are available out of the box, and you can define custom implementations using either a Java class or a Groovy script. A provider defines the properties necessary to connect to the credential store as well as the inputs necessary for each credential.
Here are the out-of-the-box credential store providers. You can view this screen by clicking the Providers button on the Credentials page (Administration - Security - Credentials).
The Local credential store retrieves credentials from the FlexDeploy database, where they are stored encrypted. You can view details on the other credential store providers on the Credential Store page. The Credential Store Providers screen also lets you view details of the out-of-the-box providers, but you are not allowed to change them. You can create additional credential store providers as necessary.
Here is how the HashiCorp Vault provider is set up in FlexDeploy. Note that it comes with a Java implementation for retrieval of credentials.
What is involved in defining a credential store provider?
- Provide high-level details such as name and description.
- Define credential store properties. Properties are configuration values used to connect to the credential store; they are reused to retrieve all credentials for one instance of the credential store. Properties are optional, as all access details might be coded in the API implementation.
- If you define properties, you can indicate display and validation details. You can also indicate if property is required and/or encrypted.
- Define credential inputs. You must have at least one input. Inputs are defined for each credential. For example, the inputs to retrieve the Endpoint1 password might be different from those for the Endpoint2 password.
- If you define properties, you can indicate display and validation details. You can also indicate if property is required and/or encrypted.
- Provide either a Java implementation or a Groovy API.