Nav

Supported Secret Types Reference

Simple Secret Types

Secret Type Description

Shared Secret

This security object contains a username and password or a base64-encoded symmetric key.
The shared secret is used for symmetric encryption and decryption, where the secret is known by both the message sender and the message recipient. The sender uses the key to encrypt and/or sign the message. The recipient uses the key to decrypt the message and/or verify a message’s digital signature.

Secrets manager allows an administrator to define either a static username/password combination, a static symmetric key, S3 bucket, or blobs.

Certificate

This security object contains an X.509 certificate and an electronic document that uses a digital signature to bind a public key with an identity.
Secrets Manager supports PEM and JKS certificates.

Secret Types Used in TLS/SSL Communication

Secret Type Description

Keystore

A Keystore is a repository of security certificates (either authorization certificates or public key certificates), plus corresponding private keys used, for example, in SSL encryption.
Supported keystore types are:

  • JKS

  • JCEKS

  • PEM

  • PKCS12

Truststore

A truststore is a repository of security certificates from other parties with which you expect to communicate, or from Certificate Authorities that you trust to identify other parties.
A Secrets Manager truststore accepts the following standard format inputs:

  • PEM

  • JKS

  • PKCS12

  • JCEKS

Certificate Pinset

A Certificate Pinset is a repository of security certificates from other parties that associate a client or host with their expected X.509 certificate or public key. These security certificate identities are then "pinned" to clients or hosts.
This repository or "Pin Set" acts as a white list of certificates that can be used, for example, to identify clients in a SSL/TLS connection. Secrets Manager will accept a concatenated list of PEM certificates as input.

Certificate Revocation List (CRL) Distribution Configuration

A Certificate Revocation List (CRL) distributor is an entity that creates and maintains a list of certificates issued by the CA that are no longer trusted because their associated private keys, or a signing CA, were compromised.

Anypoint Secets Manager lets you create CRL distribution points to query a CRL Distributor for a specific CA certificate.
To configure a CRL distributor, you must provide a URL of the CRL distributor, a CA certificate, and a frequency to check the list for updates.
As some CRL lists can grow very large, you can provide an optional Delta CRL Issuer URL (if the CRL distributor supports it) to retrieve deltas to the CRL list, instead of retrieving the entire list.

TLS Context

This security object defines all SSL critical security parameters.

We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.

+