Hi, I'm Ask INFA!
What would you like to know?
ASK INFAPreview
Please to access Ask INFA.
Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Administrator
  • All Products

Table of Contents

Search

  1. Preface
  2. Introducing Administrator
  3. Organizations
  4. Metering
  5. General and security settings
  6. Permissions
  7. Schedules
  8. Bundle management
  9. Event monitoring
  10. Troubleshooting security
  11. Licenses

Organization Administration

Organization Administration

Back Next

Configuring a connection to use the secrets manager

Configuring a connection to use the secrets manager

You can configure any connection that has sensitive credentials to retrieve these credentials from the secrets manager.
In some organizations that are configured to retrieve sensitive connection credentials from an external secrets manager, users must create connections in
Administrator
. Users in these organizations can't create or edit connections in
Data Integration
.
  1. Open the
    Connections
     page.
  2. Perform either of the following actions:
    • To create a connection, click
      New Connection
       and enter the connection details.
    • To edit a connection, click the connection name, and then click
      Edit
      .
  3. In the Connection Properties area, select
    Use Secret Vault
    .
  4. Enable the option next to each property that you store in the secrets manager, and then enter the path, including the secret name, in the corresponding field. If the secret is a JSON object, you'll also need to include the secret key.
    The following table shows the value to enter based on the format of the secret:
    Format of secret
    Format of value to enter
    JSON object, for example:
    {
    "engine": "mysql",
    "username": "tsmith",
    "password": "Hello123",
    "host": "my-database-endpoint.us-west-2.rds.amazonaws.com",
    "dbname": "myDatabase",
    "port": "1234"
}
    <secret_path>:<key>
    Alternatively, if you use AWS Secrets Manager, you can enter the full ARN of the secret in the following format*:
    arn:aws:secretsmanager:<region>:<account_ID>:secret:<secret_name>-<6_random_characters>:<secret_path>
    Simple value, for example:
    --name "MyPassword" --value "Hello123"
    <secret_path>
    Alternatively, if you use AWS Secrets Manager, you can enter the full ARN of the secret in the following format*:
    arn:aws:secretsmanager:<region>:<account_ID>:secret:<secret_name>-<6_random_characters>
    * If you use AWS Secrets Manager, and the account that hosts the Secure Agent differs from the account that hosts the secrets, you must enter the full ARN of the secret.
    For example, you configure a relational connection and you store the database password in HashiCorp Vault. The path to the secret is secret/data/MyCredentials, and the secret key is MyPassword. To retrieve the password from HashiCorp Vault, select
    Use Secret Vault
    , enable the option next to the
    Password
     field, and enter
    secret/data/MyCredentials:MyPassword
     in the
    Password
     field.
    The following image shows the connection details:
    The image shows the connection details for a SQL Server connection. In the SQL Server Connection properties area, the Use Secret Vault option is enabled. The option next to the Password field is also enabled and the Password field is masked with a series of dots.
  5. Select the runtime environment to be used with the connection.
    All Secure Agents within the runtime environment must be installed on a local machine or VM and must be able to access the secrets manager. Additionally, the SecretManagerApp service must be running on each agent.
  6. Configure the connection-specific properties.
  7. To test the connection, click
    Test Connection
    .
  8. Click
    Save
    .
For more information about configuring connections, see
Connections
.
0 COMMENTS
We’d like to hear from you!
Coomar Das - October 22, 2024

Hi,

The documentation seems to be lacking the format for Hashicorp Vault in item 4 above.

I think it is 

< secret path > : < secret key>

For e.g.: secret/data/hello:rsv1_pwd

Would you please verify and update the documentation?

There is no need to publish this comment.

Thank you.

Informatica Documentation Team - October 23, 2024

Hi Coomer,

Thanks for reaching out! We're currently verifying the format with our development and QA teams and will update the documentation with this information in an upcoming release.

Chad Kimmell - March 04, 2025

I am having a very difficult time determining what the values should be for Azure KeyVault. An example for the path to the secret would be good to show. The last comment on this documentation was in October of '24. When will this be updated?

Informatica Documentation Team - March 04, 2025

Hi Chad,

Thanks for reaching out! We're currently reviewing this with our engineering team and will update the documentation with examples for different secrets managers in an upcoming release.