Secrets Management Integration

Fabric supports integration with Secrets Management services so that secrets do not have to be stored in Fabric itself. Examples of such secrets are the passwords used in interfaces, Environments and the Fabric System Database to enable communication with external systems. Click here for further information about secured storage of secrets in Fabric.

Secrets Management services are tools that securely store, manage, access and audit sensitive information, such as passwords, API keys and other credentials, across the organization. Their features are encryption, access controls, auditing and automatic rotation of secrets.

The advantages of Secrets Management are:

  • Reducing the risk of secret leaks when providing a secret for each client application.
  • Having a single source of truth, which can be better controlled, changed or rotated, manually or automatically.
  • Managing accesses to secrets with fine-grained authorization policies.
  • Detecting security breaches and attempted accesses to systems by analyzing audit logs and alerts, which provide a detailed history of client interactions and can also be used for guiding security policy enforcement.

Fabric supports integration with various external Secrets Management providers, in which case Fabric does not store the secrets but rather their reference IDs.

These are the currently supported Secrets Management providers, along with their official webpages:

How Does It Work

  1. The customer's security team administrator creates a set of credentials on either a database or a similarly secured resource server, and then provisions them as secrets in the Secrets Management provider. The latter encrypts and stores the credentials within the secrets.
  2. The administrator has to grant Fabric (the client application) permissions to access these secrets.
  3. When Fabric opens a connection in order to access the database/resource server via an interface, it examines whether its credentials are defined as reference IDs in the external Secrets Management provider. If they are defined as such, Fabric queries the Secrets Management provider for the relevant secrets.
  4. The Secrets Management provider decrypts and returns the secrets to Fabric over a secured channel.
  5. Fabric uses the secrets as the resource server credentials, as defined in the interface.
  6. Fabric caches the credentials in memory. If the connection to a resource server fails due to credentials, Fabric assumes that the credentials were changed, and it accesses the Secrets Management provider again to get them.
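
The cache-and-refetch behaviour in steps 3 to 6 can be sketched as follows. This is an added illustration, not Fabric's code: the class, the `fetch_secret` callable, the reference ID `db/orders` and the single-retry limit are all assumptions, and the provider and resource server are constructed in-memory stand-ins.

```python
class AuthError(Exception):
    """Resource server rejected the supplied credentials."""


class CachedSecretResolver:
    def __init__(self, fetch_secret):
        self._fetch = fetch_secret      # hypothetical: reference ID -> secret value
        self._cache = {}                # lives in process memory only, never persisted
        self.provider_calls = 0         # counter so the behaviour can be observed

    def get(self, ref_id, refresh=False):
        if refresh or ref_id not in self._cache:
            self.provider_calls += 1
            self._cache[ref_id] = self._fetch(ref_id)
        return self._cache[ref_id]

    def connect(self, ref_id, open_connection):
        try:
            return open_connection(self.get(ref_id))
        except AuthError:
            # Treat the failure as a rotation: refetch once and retry once.
            # A second AuthError propagates, so a wrong secret cannot cause
            # a retry loop against the provider or an account lockout.
            return open_connection(self.get(ref_id, refresh=True))


def demo():
    provider = {"db/orders": "pw-v1"}   # constructed stand-in for the provider
    server = {"password": "pw-v1"}      # constructed stand-in for the resource server

    def open_connection(password):
        if password != server["password"]:
            raise AuthError("login rejected")
        return "connected"

    resolver = CachedSecretResolver(provider.__getitem__)
    resolver.connect("db/orders", open_connection)
    resolver.connect("db/orders", open_connection)
    calls_cached = resolver.provider_calls          # second connect hit the cache
    provider["db/orders"] = server["password"] = "pw-v2"    # rotation
    result = resolver.connect("db/orders", open_connection)
    calls_rotated = resolver.provider_calls
    server["password"] = "pw-v3"        # server changed, provider not yet updated
    try:
        resolver.connect("db/orders", open_connection)
        stale = "connected"
    except AuthError:
        stale = "auth-error"
    return calls_cached, result, calls_rotated, stale, resolver.provider_calls
```

The provider call count is also what shows up in the provider's audit log: one read per rotation is expected, while repeated reads for the same reference ID point at a secret that is out of sync with the resource server.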

Using Secrets Management Services

In order to use a Secrets Management provider, you should:

  1. config.ini: Set the configuration in the config.ini file with the selected Secrets Management provider, along with access and permission details. Read here for more details.
  2. Interface Editor: Provision and mark the required interface connection details as those that should be taken from the Secrets Management provider, as part of the project's implementation settings. Read here for more details.
