Supported Secret Types Reference

Shared Secret

This security object contains a username and password or a base64-encoded symmetric key.
The shared secret is used for symmetric encryption and decryption in situations in which the secret is known by both the message sender and the message recipient. The sender uses the key to encrypt and sign the message. The recipient uses the key to decrypt the message and verify a message’s digital signature.

The secrets manager enables an administrator to define one of a static username and password combination, a static symmetric key, an S3 bucket, or blobs.

Certificate

This security object contains an X.509 certificate and an electronic document that uses a digital signature to bind a public key with an identity.
The secrets manager supports PEM and JKS certificates.

Keystore

A keystore is a repository of security certificates (either authorization certificates or public key certificates), plus corresponding private keys used, for example, in SSL encryption.

Secrets manager accepts both keys and certificates signed by RSA and EdDSA (ED448 and ED25519).

Supported keystore types are:

Truststore

A truststore is a repository of security certificates from other parties with which you expect to communicate, or from Certificate Authorities that you trust to identify other parties.

Secrets manager accepts truststores with expired certificates.

The secrets manager truststore accepts the following standard input formats:

Certificate Pinset

A Certificate Pinset is a repository of security certificates from other parties that associate a client or host with their expected X.509 certificate or public key. These security certificate identities are then "pinned" to clients or hosts.
This repository or "Pin Set" acts as a list of certificates that can be used, for example, to identify clients in a SSL/TLS connection. The secrets manager accepts a concatenated list of PEM certificates as input.

TLS Context

This security object defines all SSL critical security parameters.