Create and Edit Secret Group (Anypoint Platform)

Secrets Manager enables you to create and edit secret groups, which are logical groupings of secrets. Secrets Manager also enables you to create new secret types and add them to a secret group.

Prerequisites

To create and edit secret groups:

  • Verify that you have the Write secrets permission enabled.

  • Verify that you are in the correct environment using the environment or business group.

Create a Secret Group

  1. In Anypoint Platform, go to Management Center then select Secrets Manager.

  2. Click Create Secret Group.

  3. Enter a name for the secret group and click Save.

    The name of your secret group must:

    • Start with a letter

    • Be at least three characters long and no longer than 35 characters

    • Contain only letters, numbers, and dashes; however, the name cannot end with a dash.

After you create your secret group, it appears in the Secret Groups list view. Edit the secret group to add the necessary secret types, such as a truststore or a keystore.

Add a Truststore

Add a truststore for public certificates of trusted servers. The truststore stores up to 15 certificates from the trusted CA, which are then used to verify certificates presented by the server in an SSL connection.

  1. In the Secret Groups list view, select the secret group to receive a new truststore, and click Edit.

  2. Select Truststore in the menu on the left, and click Add Truststore.

  3. In the Add Truststore screen, add the required information.

    • Name
      Enter a name for your truststore.

    • Type
      Select the truststore type from the drop-down menu.
      Supported types are:

      • PEM

      • JKS

      • PKCS12

      • JCEKS

    • Truststore File
      Click Choose File and select the truststore file to upload.

    • Override Expiration Date
      Select the date to override the default expiration date of the certificate.

    If you are uploading a JKS, PKCS12, or JCEKS truststore file, you must also provide the passphrase for this truststore.

  4. Click Save.
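
A pre-upload check for the naming rules in Create a Secret Group and the truststore constraints above (public certificates only, up to 15 of them), shown for a PEM bundle. This is an added example, not MuleSoft code: the function names and sample data are constructed for illustration, and treating "letters" as ASCII letters is an assumption.

```python
import base64
import binascii
import re

# Name rules from "Create a Secret Group": starts with a letter, 3-35 characters,
# letters/digits/dashes only, no trailing dash. ASCII-only is an assumption.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]{1,33}[A-Za-z0-9]")
PEM_BLOCK_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
MAX_TRUSTSTORE_CERTS = 15  # limit stated on this page

def valid_group_name(name):
    return NAME_RE.fullmatch(name) is not None

def check_pem_truststore(pem_text):
    """Return a list of problems in a PEM truststore bundle (empty list = OK)."""
    problems, certs = [], 0
    for label, body in PEM_BLOCK_RE.findall(pem_text):
        if "PRIVATE KEY" in label:
            problems.append(f"{label} block present; a truststore holds public certificates only")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected PEM block type: {label}")
        else:
            certs += 1
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except (binascii.Error, ValueError):
                der = b""
            # A DER certificate is an ASN.1 SEQUENCE, so it starts with byte 0x30.
            if not der.startswith(b"\x30"):
                problems.append(f"certificate #{certs} is not Base64-encoded DER")
    if certs == 0:
        problems.append("no CERTIFICATE blocks found")
    if certs > MAX_TRUSTSTORE_CERTS:
        problems.append(f"{certs} certificates exceed the limit of {MAX_TRUSTSTORE_CERTS}")
    return problems

def constructed_block(label, payload):
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed samples: placeholder DER bytes, not real certificates or keys.
SAMPLE_OK = "".join(constructed_block("CERTIFICATE", b"\x30\x03\x02\x01" + bytes([i])) for i in range(3))
SAMPLE_BAD = SAMPLE_OK * 6 + constructed_block("PRIVATE KEY", b"\x30\x00")

if __name__ == "__main__":
    print(valid_group_name("prod-tls-secrets"), check_pem_truststore(SAMPLE_OK), check_pem_truststore(SAMPLE_BAD))
```

The check only inspects PEM framing and encoding; it does not parse X.509 fields or validate certificate chains.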

Add a Keystore

Specify the type of keystore to add to the secret group. The keystore is the combination of the authorization certificate, its corresponding private keys, and the certification authority’s path.

  1. In the Secret Groups list view, select the secret group to which to add a keystore, and click Edit.

  2. Select Keystore in the menu on the left, and click Add Keystore.

  3. In the Name field, enter a name for your keystore.

  4. In the Type field, select the keystore type from the drop-down menu.

    Supported types include:

    • Privacy-Enhanced Mail (PEM)
      Base64-encoded ASCII file with a cer, crt, or pem extension

    • Java Keystore (JKS)
      Repository for authorization or public key certificates. The JKS keystore type does not store secret keys.

    • PKCS #12
      Stores server and intermediate certificates in an archive file format. The PKCS #12 keystore type does not store secret keys.

    • Java Cryptography Extension keystore (JCEKS)
      Stores server and intermediate certificates as well as secret keys

      1. To add a PEM type keystore, you must provide:

        • Certificate File
          Click Choose File to locate and upload the PEM certificate file.

        • Key File
          Click Choose File to locate and upload the PEM formatted file that contains the private key for the certificate.

        • Key Passphrase
          Enter the word or phrase that protects the private key.

        • CA Path Certificate File
          Click Choose File to locate and upload the certificate signed by a certification authority (CA).
          The CA path contains the intermediary and root certificates that are related to the certificate file you want to use.

        • Override Expiration Date
          Select the date to override the default expiration date of the certificate.

      2. To add a JKS, PKCS12, or JCEKS type keystore, you must provide:

        • Keystore File
          Click Choose File to locate and upload the keystore file to use.

        • Keystore Passphrase
          Enter the word or phrase that protects the keystore.

        • Alias
          The alias used to access the keystore entries (key and trusted certificate entries).

        • Key Passphrase
          The word or phrase that protects the private key.

        • Algorithm
          The algorithm to use for encryption of keys.

        • Override Expiration Date
          Select the date to override the current expiration date of the certificate.

  5. Click Save.

Add a Certificate Pinset

Add a concatenated list of PEM certificates to the secret group.

  1. In the Secret Groups list view, select the secret group to which to add a certificate pinset, and click Edit.

  2. Select Certificate Pinset in the menu on the left, and click Add Certificate Pinset.

  3. In the Certificate Pinset screen, add the required information.

    • Name
      Enter a name for the certificate pinset.

    • Certificate File
      Click Choose File and select the PEM formatted CA certificate to upload.

    • Expiration Date
      Select the expiration date for the certificate.

  4. Click Save.

Add a Shared Secret

Add a shared secret that users can use for authentication.

  1. In the Secret Groups list view, select the secret group to which to add a shared secret, and click Edit.

  2. Select Shared Secret in the menu on the left, and click Add Shared Secret.

  3. In the Add Shared Secret screen, add the required information.

    • Name
      Enter a name for your shared secret.

    • Type
      Select the shared secret type from the drop-down menu.

      • Username Password
        Provide a username and password.

      • Symmetric Key
        Provide a Base64 string containing the symmetric key.

      • S3 Credential
        Provide the access key ID and the secret access key to an S3 bucket.

      • Blob
        Provide a Base64-encoded value.

  4. Click Save.

Edit a Secret Group

Edit a secret group to add secret types such as keystores, truststores, and certificates.

  1. In the Secret Groups list view, select the secret group you want to edit, then click Edit.

  2. Make changes to the secrets as required.

As you create or save changes to a secret, the changes are applied immediately. The updated secret group is immediately available the next time the secret group is accessed or when deploying an application.
