You can configure your organization to retrieve sensitive connection credentials from an external secrets manager instead of storing the credentials in the Informatica Intelligent Cloud Services repository. A secrets manager is also called a secret vault or a key vault.
Using a secrets manager offers the following benefits:
- You retain complete control of your sensitive connection credentials like passwords, OAuth tokens, and API shared secrets.
- You can manage secrets across multiple environments instead of on a per-application basis.
- You can rotate secrets on your schedule without affecting your connections, mappings, or tasks in Informatica Intelligent Cloud Services.
When you enable your organization to use a secrets manager, your Secure Agents can dynamically
access sensitive connection credentials from the secrets manager. You can configure one
secrets manager for each organization or sub-organization.
You can use one of the following secrets managers:
- AWS Secrets Manager
- Azure Key Vault
- HashiCorp Vault (HCP cloud-hosted)
If you use AWS Secrets Manager, the Secure Agent can access it using role-based, instance
profile, or access key authentication.
Configure your organization or sub-organization to use a secrets manager on the Security tab of the Settings page.
To configure your organization to use a secrets manager, you must have the Admin role or the SMS Manage Connection and SMS View Connection feature privileges as well as sufficient privileges to access the Administrator service. The organization must also be configured to store connection credentials on the cloud.
You can't use a secrets manager
if your organization uses serverless runtime environments or stores connection
credentials on a local Secure Agent.
After you configure your organization to use a secrets manager, you can configure your
connections to retrieve credentials from the secrets manager.