12. Secret Management System

Users and admins upload machine and cloud credentials so that automation can access machines and external services on their behalf. By default, sensitive credential values (such as SSH passwords, SSH private keys, and API tokens for cloud services) are encrypted and then stored in the database. With external credentials backed by credential plugins, you can map credential fields (like a password or an SSH private key) to values stored in a secret management system instead of providing them to the controller directly. Automation controller provides a secret management system that includes integrations for:

  • Centrify Vault Credential Provider Lookup

  • CyberArk Application Identity Manager (AIM)

  • CyberArk Conjur

  • HashiCorp Vault Key-Value Store (KV)

  • HashiCorp Vault SSH Secrets Engine

  • Microsoft Azure Key Management System (KMS)

  • Thycotic DevOps Secrets Vault

  • Thycotic Secret Server

These external secret values will be fetched prior to running a playbook that needs them. For more information on specifying these credentials in the User Interface, see Credentials.