Vault Configuration in IBM App Connect V12.X
A vault configuration is like a secret box to store all the important objects like usernames, passwords, important credentials, etc.., IBM App connect versions provided a vault to store credentials assigned to integration nodes or independent integration servers.
Stored credentials in the vaults are encrypted by IBM ACE for security. Which uses AES 256-bit encryption to encrypt and decrypt credentials. The vault key is mandatory to access a vault. Also ACE provides a command to decode the encrypted credentials.
We can create a vault for the integration node & integration server with help of mqsivault command or while creating the node and server. The vault creates command is provided below for easy understanding.
mqsivault <broker Name> --create –vault-key <vault Key> mqsicreatebroker < broker Name > --vault-key <vault Key>
We can also create a vault for the independent integration server from the toolkit in the latest ACE v 12.X.
The vault of the Integration node serves all credentials to all the servers which are present in the particular node. If the vault is assigned to the integration node with the vault key then each. We can use the mqsicredentials command to create, update, retrieve, or delete the security credentials for resources that are used by an integration node or integration server.
It supports storing credentials like odbc , amazons3, azureblobstorage, cloudantdb, elk, email, ftp, jdbc, loopback, salesforce, servicenow, truststore, etc.., Provided odbc configuration for independent integration server (having vault) given below.
mqsicredentials --work-dir <work Directory> --create –credential-type odbc--credential-name <DSN Name> --username <user Name> --password <password> --vault-key <vault Key>
Also, the vault helps configure node connectors with their respective platforms. After vault creation for the node or server, some files were created in the vault directory. There we will see the vault key and credentials. Total credentials were stored in the credentials folder. And also we can check the WEB UI whether the given credentials are assigned (The credentials provider is the vault) or not.