
Create a Secret Group (Anypoint Platform)

Prerequisites

  • Verify that you have the Write secrets permission enabled.

  • Verify that you are in the correct environment using the environment switcher at the top of the left navigation bar.

Create a Secret Group

  1. In Anypoint Platform, go to Management Center and select Secrets Manager.

  2. Click Create Secret Group.

  3. Type a name for the secret group and click Save.

    The name of your secret group must:

    • Be at least three characters long and no longer than 35 characters

    • Start with a letter

    • Contain only letters, numbers, and dashes (but cannot end with a dash)
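When secret groups are created from scripts rather than the UI, it is worth rejecting a bad name before any platform call is made. The following POSIX shell function is an added example, not MuleSoft code; it encodes the three naming rules above, and the function name is mine.

```shell
#!/bin/sh
# Added example (not MuleSoft code): validate a secret group name against the
# documented rules before calling the platform, so a scripted run fails early.
#   - 3 to 35 characters
#   - starts with a letter
#   - only letters, digits and dashes, and does not end with a dash
valid_secret_group_name() {
  name=$1

  # Length: at least 3 and at most 35 characters.
  len=${#name}
  if [ "$len" -lt 3 ] || [ "$len" -gt 35 ]; then
    echo "rejected '$name': length $len is outside 3..35" >&2
    return 1
  fi

  # Character set: a leading letter, then letters, digits or dashes only.
  if ! printf '%s\n' "$name" | grep -Eq '^[A-Za-z][A-Za-z0-9-]*$'; then
    echo "rejected '$name': must start with a letter and use only letters, digits and dashes" >&2
    return 1
  fi

  # A trailing dash is not allowed.
  case $name in
    *-) echo "rejected '$name': must not end with a dash" >&2; return 1 ;;
  esac

  return 0
}

# Typical use from an automation script: stop before any API call is made.
# valid_secret_group_name "$GROUP_NAME" || exit 1
```

The function reports the first rule that fails on stderr and returns non-zero, so it can sit directly in an `|| exit 1` guard.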

After creating your secret group, it appears in the Secret Groups list view. You can then add the necessary secret types by adding a truststore or a keystore.

Add a Truststore

Add a truststore for the public certificates of trusted servers. A truststore holds up to 15 certificates from the trusted CAs; these are used to verify the certificate a server presents during a TLS/SSL connection.

  1. In the Secret Groups list view, select the secret group to receive a new truststore, and click Edit.

  2. Select Truststore in the menu on the left, and click Add Truststore.

  3. In the Add Truststore screen, add the required information.

    • Name
      Enter a name for your truststore.

    • Type
      Select the truststore type from the drop-down menu.
      Supported types are:

      • PEM

      • JKS

      • PKCS12

      • JCEKS

    • Truststore File
      Click Choose File and select the truststore file to upload.

    • Override Expiration Date
      Select the date to override the default expiration date of the certificate.

      If you are uploading a JKS, PKCS12, or JCEKS truststore file, you must also provide the passphrase for this truststore.

  4. Click Save.

Add a Keystore

Specify the type of keystore to add to the secret group. The keystore is the combination of the authorization certificate, its corresponding private keys, and the certification authority’s path.

  1. In the Secret Groups list view, select the secret group to which to add a keystore, and click Edit.

  2. Select Keystore in the menu on the left, and click Add Keystore.

  3. In the Name field, enter a name for your keystore.

  4. In the Type field, select the keystore type from the drop-down menu.

    Supported types include:

    • Privacy-Enhanced Mail (PEM)
      Base64-encoded ASCII file with a .cer, .crt, or .pem extension

    • Java Keystore (JKS)
      Repository for authorization or public key certificates. The JKS keystore type does not store secret keys.

    • PKCS #12
      Stores server and intermediate certificates in an archive file format. The PKCS #12 keystore type does not store secret keys.

    • Java Cryptography Extension keystore (JCEKS)
      Stores server and intermediate certificates as well as secret keys

    1. To add a PEM type keystore, you must provide:

      • Certificate File
        Click Choose File to locate and upload the PEM certificate file.

      • Key File
        Click Choose File to locate and upload the PEM formatted file that contains the private key for the certificate.

      • Key Passphrase
        Enter the word or phrase that protects the private key.

      • CA Path Certificate File
        Click Choose File to locate and upload the certificate signed by a certification authority (CA).
        The CA path contains the intermediate and root certificates that are related to the certificate file you want to use.

      • Override Expiration Date
        Select the date to override the default expiration date of the certificate.

    2. To add a JKS, PKCS12, or JCEKS type keystore, you must provide:

      • Keystore File
        Click Choose File to locate and upload the keystore file to use.

      • Keystore Passphrase
        Enter the word or phrase that protects the keystore.

      • Alias
        The alias used to access the keystore entries (key and trusted certificate entries).

      • Key Passphrase
        The word or phrase that protects the private key.

      • Algorithm
        The algorithm to use for encryption of keys.

      • Override Expiration Date
        Select the date to override the current expiration date of the certificate.

  5. Click Save.
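The truststore section above and this keystore section both describe files that are uploaded through a form. The following shell script, added here as an example and not MuleSoft's own tooling, uses the openssl CLI to pre-check those files: it counts the certificates in a PEM truststore bundle against the 15-certificate limit and lists each certificate's expiry, packages a bundle as a passphrase-protected PKCS12 truststore, confirms that a PEM certificate, its private key and its CA path belong together, and builds the PKCS12 keystore (with alias and passphrases) that the second keystore variant takes. Function names, file names, the alias `api-key` and the passphrases are placeholders I chose.

```shell
#!/bin/sh
# Added example (not MuleSoft code): prepare and sanity-check the files that the
# Secrets Manager truststore and keystore forms ask for, using the openssl CLI.
# File names, aliases and passphrases are placeholders chosen for this example.

# Number of certificates in a PEM bundle (truststore or certificate pinset input).
count_pem_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Truststore bundle check: 1..15 certificates, each parseable and not yet expired.
# Prints subject and notAfter for each certificate, so the default expiration
# that "Override Expiration Date" would replace is visible before uploading.
check_truststore_bundle() {
  bundle=$1
  n=$(count_pem_certs "$bundle")
  if [ "$n" -lt 1 ] || [ "$n" -gt 15 ]; then
    echo "$bundle: $n certificates; a truststore holds 1 to 15" >&2
    return 1
  fi
  tmp=$(mktemp -d) || return 1
  # Split the bundle into one file per certificate (cert.1.pem, cert.2.pem, ...).
  awk -v dir="$tmp" '/-----BEGIN CERTIFICATE-----/ {i++} i {print > (dir "/cert." i ".pem")}' "$bundle"
  rc=0
  for f in "$tmp"/cert.*.pem; do
    # -checkend 0 fails when the certificate is unparseable or already expired.
    if openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
      openssl x509 -in "$f" -noout -subject -enddate
    else
      echo "$f: unparseable or expired certificate" >&2
      rc=1
    fi
  done
  rm -rf "$tmp"
  return $rc
}

# Package a PEM bundle as a PKCS12 truststore; the passphrase is the one the
# truststore form requires for JKS, PKCS12 and JCEKS files.
pem_bundle_to_pkcs12_truststore() {
  bundle=$1 out=$2 storepass=$3
  openssl pkcs12 -export -nokeys -in "$bundle" -out "$out" -passout "pass:$storepass"
}

# PEM keystore inputs: Certificate File, Key File (+ Key Passphrase) and CA Path
# Certificate File. Confirm the key belongs to the certificate and that the CA
# path actually chains the certificate, so the upload is not unusable.
check_pem_keystore_inputs() {
  cert=$1 key=$2 capath=$3 keypass=$4
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$key" -passin "pass:$keypass" -pubout) || return 1
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "$key does not match the public key in $cert" >&2
    return 1
  fi
  # The CA path file holds the intermediates and the root, so it is the trust
  # anchor file for the chain check.
  openssl verify -CAfile "$capath" "$cert" >/dev/null
}

# Build the PKCS12 file for the JKS/PKCS12/JCEKS keystore variant. The alias
# becomes the entry's friendlyName. openssl protects the key and the store with
# one passphrase, so the same value goes into both passphrase fields of the form.
pem_to_pkcs12_keystore() {
  cert=$1 key=$2 capath=$3 alias=$4 keypass=$5 storepass=$6 out=$7
  openssl pkcs12 -export -in "$cert" -inkey "$key" -passin "pass:$keypass" \
    -certfile "$capath" -name "$alias" -out "$out" -passout "pass:$storepass"
}

# Read back the alias (friendlyName) stored in a PKCS12 keystore.
pkcs12_alias() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
    | sed -n 's/^ *friendlyName: //p' | head -n 1
}
```

Run `check_truststore_bundle` on the bundle before uploading it, and `check_pem_keystore_inputs` on the three PEM files; both return non-zero with a reason on stderr when the material would not work, which is cheaper to discover here than after a deployment starts using the secret group.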

Add a Certificate Pinset

Add a concatenated list of PEM certificates to the secret group.

  1. In the Secret Groups list view, select the secret group to which to add a certificate pinset, and click Edit.

  2. Select Certificate Pinset in the menu on the left, and click Add Certificate Pinset.

  3. In the Certificate Pinset screen, add the required information.

    • Name
      Enter a name for the certificate pinset.

    • Certificate File
      Click Choose File and select the PEM formatted CA certificate to upload.

    • Expiration Date
      Select the expiration date for the certificate.

  4. Click Save.

Add a Shared Secret

Add a shared secret users can use for authentication.

  1. In the Secret Groups list view, select the secret group to which to add a shared secret, and click Edit.

  2. Select Shared Secret in the menu on the left, and click Add Shared Secret.

  3. In the Add Shared Secret screen, add the required information.

    • Name
      Enter a name for your shared secret.

    • Type
      Select the shared secret type from the drop-down menu.

      • Username Password
        Provide a username and password.

      • Symmetric Key
        Provide a Base64-encoded string containing the symmetric key.

      • S3 Credential
        Provide the access key ID and the secret access key to an S3 bucket.

      • Blob
        Provide a Base64-encoded value.

  4. Click Save.

Edit a Secret Group

When you edit a secret group, other users are locked out while you edit the necessary security objects. If a user doesn’t end an editing session by either finishing or canceling it, the Edit button is disabled for other users. If you click Cancel Edit, the open editing session is closed, and the Edit button becomes available, even if the session was started by a different user.

  1. In the Secret Group list view, click Edit for the secret group that you want to update.

  2. Make your changes and click Finish.
    The secret group is updated with the changes, and the secrets manager serves the updated secrets to all redeployed applications after this point.

  3. Click Cancel Edit to close an open editing session.
    Use caution when you cancel another user’s editing session, because all changes made by that user are lost.