Nav

To Create a Secret Group (Anypoint Platform)

You need to verify that your user has the Write secrets permission enabled and that you are in your desired environment using the environment switcher at the top of the left navigation bar.

  1. In Anypoint Platform, go to Management Center and select Secrets Manager.

  2. Click the Create Secret Group button.

  3. Type a name for the secret group and click save.

    The name of your secret group must be at least 3 characters long and no longer than 35 characters, and it must start with a letter.

    Only letters, numbers, and dashes are allowed. The name cannot end with a dash.

This procedure creates the secret group. Now you can proceed to add your necessary secret types.

To Add a Keystore

  1. In the secret group to which you want to add a secret, select Keystore, and click the Add Keystore button.

  2. In the Name field, write a name for your Keystore.

  3. In the Type field, select the keystore type from the drop-down menu.

    Supported types are:

    • PEM

    • JKS

    • PKCS12

    • JCEKS

  4. Depending on the selected Keystore type, you might need to provide the required keystore file, passphrase, and certificate file if PEM was selected.

To Add a Truststore

  1. In the secret group to which you want to add this secret, select Truststore, and click the Add Truststore button.

  2. In the Name field, write a name for your keystore.

  3. In the Type field, select the truststore type from the drop-down menu.

    Supported types are:

    • PEM

    • JKS

    • PKCS12

    • JCEKS

  4. In the Truststore File field, click Choose File, and select your truststore file to upload.

If you are uploading a JKS, PKCS12, or JCEKS truststore file, you also need to provide the passphrase for this truststore.

To Add a Certificate

  1. In the secret group to which you want to add this secret, select Certificate, and click the Add Certificate button.

  2. In the Name field, write a name for your certificate.

  3. In the Type field, select the certificate type from the drop-down menu.

    Supported types are:

    • PEM

    • JKS

  4. In the Certificate File field, click Choose File, and select your certificate file to upload.

    If you are uploading a JKS certificate, you also need to provide the passphrase for this certificate and to select its alias from the drop-down menu.

To Add a Certificate Pinset

  1. In the secret group to which you want to add this secret, select Certificate Pinset, and click the Add Certificate Pinset button.

  2. In the Name field, write a name for your ceritifcate pinset.

  3. In the Certificate File field, click Choose File and select your certificate file to upload.

To Add a Shared Secret

  1. In the secret group to which you want to add this secret, select Shared Secret, and click the Add Shared Secret button.

  2. In the Name field, write a name for your shared secret.

  3. In the Type field, select the shared secret type from the drop-down menu.

    • Username Password:
      If you select this type, you need to provide a username and password

    • Symetric Key:
      If you select this type, you need to provide a Base64 string containing symmetric key.

    • S3 Credential:
      If you select this type, you need to provide the access key ID and the secret access key to an S3 bucket.

    • Blob:
      If you sleect this type, you need to provide a base64-encoded value.

To Add a Certificate Revocation List Distribution Configuration

  1. In the secret group to which you want to add this secret, select CRL Distribution Point, and click the Add CRL button.

  2. In the name field, write a name for your CRL distribution point.

  3. In the Distributor Certificate field, select your CRL distributor from the drop-down menu.

  4. In the CA Certificate field, select the CA certificate to query against the CRL distributor from the drop-down menu.

  5. In the Frequency field, determine the interval in minutes to query the CRL distributor.

  6. In the Complete CRL Issuer URL, add the CRL issuer URL.
    Additionally, you can add a Delta CRL in the Delta CRL Issuer URL field.

To Add a TLS Context

  1. In the secret group to which you want to add this secret, select TLS Context, and click the Add TLS Context button.

  2. In the Name field, write a name for your TLS Context.

  3. Select the TLS version in the TLS Version field.

  4. In the Target field, select the target for this TLS context from the drop-down menu.
    Supported values are Mule and Security Fabric.

  5. Select the keystore to add this TLS context from the Keystore field drop-down menu.
    Additionally, you can choose to add this TLS context to a Truststore in your secret group.

Secrets Manager also allows you to select custom ciphers.

Supported ciphers:

  • AES256 GCM SHA384

  • AES128 GCM SHA256

  • AES256 SHA256

  • AES128 SHA256

  • AES256 SHA1

  • AES128 SHA1

  • DES CBC3 SHA1

  • DHE RSA AES256 GCM SHA384

  • DHE RSA AES128 GCM SHA256

  • DHE RSA AES256 SHA256

  • DHE RSA AES128 SHA256

  • DHE RSA AES256 SHA

  • DHE RSA AES128 SHA

  • ECDHE RSA AES256 GCM SHA384

  • ECDHE RSA AES128 GCM SHA256

  • ECDHE RSA AES256 SHA384

  • ECDHE RSA AES128 SHA256

  • ECDHE RSA AES256 SHA

  • ECDHE RSA AES128 SHA

  • ECDHE RSA DES CBC3 SHA

  • EDH RSA DES CBC3 SHA

We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.

+