Secrets
Enhance security by storing reusable connection credentials in a centralized vault.
For using secrets, please update connections created prior to release 2024.1.1.
Vault
To ensure maximum protection, secrets are not kept in the database repository but securely stored and encrypted within a dedicated Vault.
iceDQ currently offers an internal vault managed by the application itself, but we're working on expanding to support customer-managed vaults for greater flexibility.
- Internal: iceDQ seamlessly manages secrets, offering either its embedded HCP vault or AWS Secret Manager for deployments in AWS.
- External (Coming Soon)
- Custom Vault (Coming Soon)
Secret Types
Securely store sensitive information as key-value pairs within secrets. Examples include database passwords teradbpass:P@SSW0rd or API credentials {"clientid": "101080", "clientsecret": "akhxihxuyoe087307-82-8jnkvknkl"}.
iceDQ supports two types of secrets:
Public Secret
- Intended exclusively for use in System connections.
- Only users with Owner Role can manage Public secrets.
- Accessible to all users within the workspace
Private Secret
- Intended exclusively for use in User connections.
- Users with Owner, Contributor or Executor role can manage their own Private secrets
- Each user's private secrets within the workspace are exclusively accessible to them within the Workspace.
How To: Add a Public Secret
Following video shows you how to create a public secret and use it in System connection.
How To: Add a Private Secret
Following video shows you how to create a private secret and use it User connection.