Vault Resource
A password vault, which will be referred to as Vault from now on, is a software application or service that securely stores and manages passwords and other sensitive information (certificates, secrets, keys). Its primary purpose is to help users create, store, and organize strong and unique passwords for various online accounts and services in a secure and convenient manner.
Rulex Platform can use a connection to a Vault to retrieve at runtime the sensitive information needed to perform login/authentication/management operations without locally storing values.
Warning
Due to its sensitive nature, a vault connection is always saved at resource level, since a set of permissions must be defined to properly control user access.
To use a Vault resource in any panel, a vault connection is required, and the user must have view permission on the resource itself; modify permission is necessary to see its internal parameters.
Vault connection configuration
Rulex Platform supports the following vault services:
Azure KeyVault
Centrify (now Delinea Vault Suite)
Both the configuration parameters and the configuration interface differ between these connectors. The configuration parameters of each connector are described in the following subsections.
Azure KeyVault
This connection allows Rulex Platform to connect to an Azure KeyVault to retrieve and create secrets under its secure management.
The parameters needed to configure this connection are:
Name | Description | API param key | Default |
---|---|---|---|
Url | The Azure KeyVault URL location. | host | |
Client ID | The identifier of the service principal application used for the connection. | username | |
Client Secret | The passphrase of the service principal application used for the connection. | password | |
Tenant | The tenant identifier of the company subscription. | domain | |
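How these four parameters map onto Azure's public REST endpoints, as an added example that is not Rulex Platform code: it builds (without sending) the OAuth2 client-credentials token request and the secret read, and refuses a vault URL that would carry the bearer token to an unexpected host. The dictionary keys are the API param keys from the table; the function names, the public-cloud host suffix and API version 7.4 are assumptions of this example.

```python
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import Request

# Public Azure cloud values (assumption; sovereign clouds use other hosts).
LOGIN_HOST = "login.microsoftonline.com"
VAULT_SUFFIX = ".vault.azure.net"
API_VERSION = "7.4"


def check_vault_url(host: str) -> str:
    """Return the normalised vault base URL, or raise ValueError if unsafe."""
    parts = urlsplit(host)
    if parts.scheme != "https":
        raise ValueError("vault URL must use https")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("vault URL must not carry credentials or a custom port")
    name = parts.hostname or ""
    # Suffix match on the parsed hostname defeats look-alikes such as
    # name.vault.azure.net.attacker.example
    if not name.endswith(VAULT_SUFFIX) or len(name) <= len(VAULT_SUFFIX):
        raise ValueError("vault URL host must be <name>" + VAULT_SUFFIX)
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("vault URL must be the bare vault address")
    return "https://" + name


def token_request(params: dict) -> Request:
    """Client-credentials request built from domain, username and password."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": params["username"],      # Client ID
        "client_secret": params["password"],  # Client Secret
        "scope": "https://vault.azure.net/.default",
    }).encode()
    tenant = quote(params["domain"], safe="")  # Tenant
    url = f"https://{LOGIN_HOST}/{tenant}/oauth2/v2.0/token"
    return Request(url, data=body, method="POST")


def secret_request(params: dict, secret_name: str, access_token: str) -> Request:
    """GET for one secret; the token is only attached after the URL check."""
    base = check_vault_url(params["host"])     # Url
    name = quote(secret_name, safe="")
    url = f"{base}/secrets/{name}?api-version={API_VERSION}"
    return Request(url, headers={"Authorization": f"Bearer {access_token}"})
```

The client secret appears only in the body of the token request to the login host, while the vault host receives only the short-lived bearer token.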
Centrify
This connection allows Rulex Platform to connect to a Centrify Vault Suite to retrieve and create secrets under its secure management.
The parameters needed to configure this connection are:
Name | Description | API param key | Default |
---|---|---|---|
Url | The Azure KeyVault URL location. | host | |
Client ID | The identifier of the service principal application used for the connection. | username | |
Client Secret | The passphrase of the service principal application used for the connection. | password | |
App ID | The identifier of the company/application subscription. | domain | |
Using a Vault resource
To create a Vault resource, you need to open the Explorer panel (for more information refer to this page) and follow the procedure below:
Procedure
Click the Explore Resources icon to open the Explorer panel.
Deactivate the primary resource filter by toggling off the Primary filter in the upper right side of the Explorer panel, so that general resources can be added.
Hover the mouse over the Plus button.
Select Add New Vault and a dedicated window will appear on the screen.
Select the type of Vault you want to connect to (see supported types).
Configure the various connection parameters following this guide. A test connection is performed; if it is unsuccessful, the error returned is displayed at the bottom of the window, with the possibility to continue anyway.
Insert a unique name for the new resource.
Click Create: the new Vault resource will now be added to the list.
As an example, you’ll find below the most important Vault connection applications: