DCM External Vaults
The External Vault feature allows you to connect DCM with your Vault of choice (see supported vaults). Thus, you can use External Vaults in DCM to fetch credentials from your Vault and securely use them in your workflow.
We support External Vaults for Designer 22.3 and later.
External Vault Configuration
In order to configure External Vaults, DCM must be enabled. Learn how to enable DCM in the DCM - Designer article. To connect DCM to your Vault:
In Designer, select File > Manage Connections to open DCM.
Go to the External Vaults tab.
Select +New.
Enter a Vault name.
Choose Technology.
Enter the address of your Vault into the URL input, for example, https://myvault.hashicorp.cloud:8200/.
Select Save.
Next, select credentials to authenticate to your Vault:
Choose an Authentication Method.
Fill in the credential information.
Select Link.
You are now able to select this External Vault as a source of credentials.
Create an External Vault Credential
In order to create a new credential that contains authentication data from an External Vault, you must:
Open DCM.
Open the Credentials tab.
Select + Add Credential.
Enter the credential name.
Select Vault from the Vault dropdown.
Enter a path to the secret in the selected Vault into the Vault Path. Use slash formatting, for example, path/to/secret.
Select Authentication method.
If you want to fetch the credential from Vault, check the Use Values from Vault check box.
Then enter the key - the username (when accessing a key-value type of secret) or the JSON path (if the retrieved secret is a more complex JSON object) using the JavaScript object notation, for example, secrets.username.
Other types of secrets are not supported.
If you want to enter any part of the credential value manually (and keep it saved in DCM), uncheck the Use Values from Vault checkbox.
Then enter the actual credential value (for example, your username).
Select Save.
Now, the newly saved credential can be used in your Workflow, the same as any other DCM credential.
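The key or JSON path from the steps above can be checked against a copy of the secret's structure before it is entered in DCM. This is an added example, not Alteryx code: resolveSecretKey and the sample secrets are hypothetical, and it assumes dot notation is resolved one property per segment.

```javascript
// Added example (not Alteryx code). resolveSecretKey and both sample secrets are
// hypothetical; it assumes dot notation is resolved one property per segment.
function resolveSecretKey(secret, keyPath) {
  if (typeof keyPath !== "string" || keyPath.trim() === "") {
    return { ok: false, reason: "empty key" };
  }
  let node = secret;
  const walked = [];
  for (const segment of keyPath.split(".")) {
    walked.push(segment);
    if (segment === "") {
      return { ok: false, reason: `empty segment in "${keyPath}"` };
    }
    // Own properties only, so names such as "constructor" never resolve
    // through the prototype chain.
    const isObject = node !== null && typeof node === "object";
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, segment)) {
      return { ok: false, reason: `"${walked.join(".")}" not found` };
    }
    node = node[segment];
  }
  // A credential field needs a single value, not a whole sub-object.
  if (node === null || typeof node === "object") {
    return { ok: false, reason: `"${keyPath}" is not a single value` };
  }
  // Report only the type; the secret value itself is never returned or logged.
  return { ok: true, type: typeof node };
}

// Constructed sample secrets: a flat key-value secret and a nested JSON secret.
const kvSecret = { username: "svc_designer", password: "constructed-value" };
const nestedSecret = {
  secrets: { username: "svc_designer", password: "constructed-value" },
};

// Candidate entries for the key field, checked before they are typed into DCM.
function checkCandidates() {
  return [
    [kvSecret, "username"],            // plain key of a key-value secret
    [nestedSecret, "secrets.username"], // JSON path into a nested secret
    [nestedSecret, "secrets"],          // points at an object, not a value
    [nestedSecret, "username"],         // missing the parent segment
    [kvSecret, "constructor"],          // inherited name, not part of the secret
  ].map(([secret, key]) => ({ key, ...resolveSecretKey(secret, key) }));
}

for (const row of checkCandidates()) console.log(JSON.stringify(row));
```

Only the first two candidates resolve; the others are reported with the reason they would not yield a usable credential value.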
Edit External Vault Credential
Open DCM.
Open the Credentials tab.
Select which credential to edit.
Select Edit.
Update credential details.
Select Save.
Delete External Vault Credential
Open DCM.
Open the Credentials tab.
Select which credential to delete.
Select the trashcan icon.
Select Delete to confirm.
Supported Vaults
HashiCorp Vault (KV secrets engine) - supported for Designer 22.3 and later.
CyberArk Conjur - supported for Designer 22.3 and later.
AWS Secrets Manager