Skip to main content

DCM Generic Vault

Generic External Vault allows you to configure a generic vault that can retrieve secrets from any vault with a programmatic interface using basic authentication.

You can utilize the DCM configuration to fetch secrets used in DCM credentials at runtime from a vault by providing a custom script or executable that would handle authentication and secret retrieval. Forming such a vault is possible through Designer and Server.

You can execute workflows successfully from both locations as long as the script or executable is accessible from that environment.

Permissions

To manage the user permissions to Generic Vaults, go to Server Admin Interface. Navigate to Users > Permissions and select the Manage Generic Vaults checkbox. In addition, Generic Vaults must be enabled on the Server environment.

Configuration

To configure Generic External Vaults, DCM must be enabled.

Go to System Settings > DCM and select the Enable Generic Vaults checkbox.

Important

To be able to obtain secrets from any vault, you have to create a custom script or an executable capable of reading secret values from your vault, accepting the below-described structure of command.

DCM then sends a request to the executable file configured, accompanied by the Username and Password of the user as configured on the Vault, the Vault Path, the Value ID configured on the credential, and additional parameters if necessary. A textual (string) value of the secret is expected to be returned to DCM.

To configure a new Generic Vault

  1. Open DCM.

  2. Go to the External Vaults tab.

  3. Select +New.

  4. Select Generic from the Technology dropdown.

  5. Enter

    1. Data Source Name 

    2. URL - the URL path to your vault. If not required (may be defined by the executable or script below), fill in any valid URL value.

    3. Executable Path - the path to the executable file PowerShell, Python, or a specific application.

    4. Additional Parameters - optional parameters sent together with each request, entered as JSON Array when the secret is needed.

      Example: ["C:/scripts/myvault.py","-company=alteryx","-ssl=true"]

  6. Select Save.

generic_vault.png

  1. Then configure a Credential to retrieve secrets from the Generic Vault just as you would from any other external vault in DCM. Select your Vault, define a Vault Path to navigate to the specific secrets, and define the Value ID for each secret within the Credential.

In this section: