Secure vault is used to store sensitive information that needs to be provided during task execution.
The data is encrypted and stored in the Secure Vault as Keys.
Secure vault variables are maintained at an App level.
Add Secure Data
Each App has its own key-value pairs. The key is unique across the App and can be shared with the users within the App.
To add secure data, do the following:
- Click the icon on the left-hand side menu bar. The Secure Vault page lists all the existing secure keys created in the App.
- Click on the + icon.
- In the Add Secure Data window, provide the following details:
- Secure Key: Name of the secure key to be created.
- CyberArk: If CyberArk settings are enabled for the instance, toggle CyberArk to ON and provide the CyberArk key as the Value.
To toggle this field ON, ensure that CyberArk is integrated with JIFFY.ai.
- Value: Value of the key.
- Confirm Value: Confirm the value of the key.
- Description: A short description about the key.
- Share this with: The key can be shared with:
- Specific People: Share the key with specific users.
Specify the users to share the key in the Users List section.
- Click the + icon to add the users.
- Select the username from the first drop-down.
- Assign appropriate access rights (Read, Write, or Admin) as required.
- Read: User can view the secure vault details in the read-only mode and cannot modify.
- Write: User can modify the secure vault details.
- Admin: User can view, edit, and share the secure vault details with other users.
- Click the icon to remove the user.
- Global Audience: Share the key with all the users of the App. The users get Write access to the key.
- Click the SAVE button to save the secure data details.
Edit Secure Data
Click the icon against the secure key to edit it.
If the Secure Key was shared with you with Write or Admin access, you can edit the key.
Use Secure Vault Keys in Task
If the key was not shared with you, the error "user <Username> does not have permission for <Secure Key>" is displayed when the task is executed.
Check Vault Token Expiry
- Connect to Core Server as jiffyapp-usr, navigate to $JIFFY_HOME/.vault.d dir.
- Check for the vault info file saved and get the “Initial Root Token“.
- Export the Root Token.
export VAULT_TOKEN={Enter root Token}
- Run the below commands, which will give you the keys for all the tokens on server.
vault list auth/token/accessors
- You can further lookup on the accessor ID’s above to see the token info, like display name, issue time, expiry time etc.
vault token lookup -accessor {Accessor Key}
You will get to know the token issue and expiry time in this lookup.
Please disregard the “display_name=root” instruction and instead examine each token key. Identify the most recent token key, which indicates the time when the token was last renewed.