Create a secret in the Vault

Prerequisites

  • Your user has the Permission level Edit for the Vault in the Role tool.

Procedure

  1. In the Cockpit, select the Vault.

    Result: The Vault opens with the list of configured secrets according to the Permission level of your user.

  2. Select Create.

    Result: The Create Secret dialog opens. Key Fingerprint is prefilled.

    The key fingerprint is a SHA-256 hash of the AES key that secures your secrets and is automatically prefilled. If this fingerprint ever changes due to configuration updates or key replacement, all existing secrets become inaccessible and cannot be recovered. The AES key is randomly generated and cannot be recreated, so ensure it is never modified or overwritten once set.

  3. In Name, enter a meaningful name for the secret.

  4. In Description, enter a meaningful description for the secret.

  5. In Key Identifier, enter a meaningful key identifier name for the secret.

    The key identifier for each secret connects it to scripts, applications, and integrations. If you rename a secret’s key identifier, you must update all references, otherwise, the secret will no longer be accessible in the places where it is used.

  6. In Secret, enter the secret data you want to conceal and store. Use the eye icon to view the secret data in plaintext when you create the secret for the first time.

    After creation of the secret, your user must be a global admin in Neptune DXP - Open Edition to be able to decrypt the secret, if required.

  7. To enter a hint for the secret for personalized retrieval, turn on the Enable Hint switch.

    When enabled, the first three characters of the secret display in Enable Hint.

  8. To notify about the expiration of your secret, turn on the Notify on Expiration switch.

    Result: The following fields appear for entry:

    Expiration

    The date after which the secret expires

    Notify days before expiry

    The amount of days (in 24 hours) that users whose email addresses are entered in Notify emails are notified about expiration of the secret

    Notify emails

    Email addresses of users who are notified about expiration of the secret according to entries in Expiration and Notify days before expiry

  9. To retrieve a secret at runtime in the Script Editor, turn on the Use in script editor switch.

  10. In Package, assign the secret to a development package.

  11. Select Create.

Results

  • You have created a secret artifact for sensitive information in the Vault.

  • You can choose this secret in the value help of input fields for easy insertion, where applicable.

Related topics