
DCM Generic Vault

Generic External Vaults allow you to configure a generic vault that can retrieve secrets from any vault with a programmatic interface using basic authentication.

You can use DCM configuration to fetch secrets used in DCM credentials from a vault at runtime by providing a custom script or executable that handles authentication and secret retrieval. You can create such a vault through both Designer and Server.

You can execute workflows successfully from both locations as long as the script or executable is accessible from that environment.

Permissions

To manage user permissions for Generic Vaults, go to the Server Admin Interface. Navigate to Users > Permissions and select the Manage Generic Vaults checkbox. In addition, Generic Vaults must be enabled on the Server environment.

Configuration

To configure Generic External Vaults, DCM must be enabled.

Go to System Settings > DCM and select the Enable Generic Vaults checkbox.

Important

To obtain secrets from any vault, you must create a custom script or executable that can read secret values from your vault and accepts the command structure below.

DCM then sends a request to the configured executable file, along with the user's Username and Password as configured on the Vault, the Vault Path, the Value ID configured on the credential, and additional parameters if necessary.

A textual (string) value of the secret is expected to be returned to DCM.

To configure a new Generic Vault...

  1. Open DCM.

  2. Go to the External Vaults tab.

  3. Select +New.

  4. Select Generic from the Technology dropdown.

  5. Enter these details:

    1. Data Source Name

    2. URL: The URL path to your vault. If a URL is not required (it might be defined by the executable or script below), enter any valid URL value.

    3. Executable Path: The path to the executable file: PowerShell, Python, or a specific application.

    4. Additional Parameters: Optional parameters, entered as a JSON array, that are sent together with each request when the secret is needed.

      Example: ["C:/scripts/myvault.py","-company=alteryx","-ssl=true"]

  6. Select Save.

  7. Then configure a Credential to retrieve secrets from the Generic Vault just as you would from any other external vault in DCM. Select your Vault, define a Vault Path to navigate to the specific secrets, and define the Value ID for each secret within the Credential.
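A pre-save check for the Additional Parameters value from step 5, as an added example that is not part of the original documentation or of DCM itself. The secret-name pattern, the script extension list and the treatment of script paths as Windows paths are assumptions made for this example.

```python
import json
import re
from pathlib import PureWindowsPath

# Parameter names that suggest a hard-coded secret (assumed list for this example).
SECRET_KEY = re.compile(r"pass(word)?|pwd|secret|token|api[-_]?key", re.I)
# Extensions treated as script or executable paths (assumed list for this example).
SCRIPT_EXT = (".py", ".ps1", ".bat", ".cmd", ".exe")


def check_additional_parameters(raw: str) -> list[str]:
    """Return findings for an 'Additional Parameters' value.

    An empty list means the value parsed as a JSON array of strings and
    none of the checks below fired.
    """
    try:
        params = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(params, list):
        return ["top-level value must be a JSON array"]

    findings = []
    for i, item in enumerate(params):
        if not isinstance(item, str):
            findings.append(f"element {i} is {type(item).__name__}, expected string")
            continue
        # Split "-name=value" style parameters; plain paths contain no "=".
        name, sep, value = item.partition("=")
        if sep and value and SECRET_KEY.search(name):
            # Secrets belong in the vault, not in stored vault configuration.
            findings.append(f"element {i} ({name}) embeds a secret-like value")
        if item.lower().endswith(SCRIPT_EXT) and not PureWindowsPath(item).is_absolute():
            # A relative path resolves differently on Designer and Server hosts.
            findings.append(f"element {i} is a relative script path: {item}")
    return findings


if __name__ == "__main__":
    # The example value from the Additional Parameters field above.
    print(check_additional_parameters(
        '["C:/scripts/myvault.py","-company=alteryx","-ssl=true"]'))
```
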