Strategy One

Configure Secret Vaults for SDS

In addition to saving and encrypting database login credentials locally, SDS can also fetch credentials from secret vaults. The following vault types are supported:

  • CyberArk Vault

  • HashiCorp Vault (Community and Enterprise) and HashiCorp Cloud Platform Vault Dedicated

  • AWS Secrets Manager

  • Azure Key Vault

  • Google Secret Manager

Prerequisite

Follow the steps in Deploy SDS.

Create a Vault Connection

  1. Using a web browser, open the SDS web using the following URL templates: http://<sds-agent-host>:8080/ or https://<sds-agent-host>:8443/.

    If you access the UI from a different machine, ensure that the SDS host firewall allows inbound connections on port 8080 and/or 8443. This is typically required when the Linux host has no graphical interface and is accessed remotely (for example, using a terminal session).

  2. Log in to SDS.

  3. Click the Vault Connections tab and click Add.

  4. Type a Name for the vault connection.

  5. Expand the Type drop-down list and choose your vault type.

  6. Type your authentication details or upload the corresponding credential file.

    For more information on vault connections, see Create, Edit, and Delete Vault Connections.

  7. Click Test and ensure the test passes, indicated by the green check mark.

  8. Click Save.

Create Database Login

Create a new database login in SDS that uses the vault connection. A single vault connection can be used and shared by multiple database logins.

  1. In SDS, click the Database Logins tab and click Add.

  2. Toggle on Use Vault.

  3. Type a Name for the login.

    Note this value as you will use it when configuring Workstation in the future.

  4. Expand the Type drop-down list and choose the vault connection type you created above.

  5. Expand the Vault Connection drop-down list and choose the vault connection you created above.

  6. Type the Secret Name that contains the database login credentials in your vault.

    Your vault may contain multiple secrets. Contact your vault administrator, if needed.

  7. Click Save.

Route Intelligence Server Database Connections Using SDS

To configure the Intelligence server to connect to warehouse databases through SDS using the vault connection and database login you created above, see Configure Intelligence Server-to-SDS Connection in Workstation.