Support for Secrets Management

Important: This documentation describes API Management 3.0, which models APIs as composable Services and applies governance with reusable Policies. For Classic APIM, refer to the Classic documentation.

APIM 3.0 supports the SnapLogic Secrets Management feature. Secrets Management allows you to leverage existing Secrets Manager third-party tools to retrieve the secrets for your accounts without specifying credentials.

When you configure the Secrets Manager, you select the third-party vendor. No additional work is required to extend the use of secrets in these API rules.

The Secrets Management feature requires a subscription. Consult your CSM to enable Secrets Management.

Secrets Management supports the following vendors:

  • AWS Secrets Manager

  • Azure Key Vault

  • CyberArk Conjur (Enterprise or Open Source)

  • HashiCorp Vault (Cloud, Enterprise, or Open Source)

Learn more about configuration details.

Usage Guidelines

  • You can reference secrets in expression enabled fields. Make sure that the button is toggled on.

  • Use an expression that calls secrets.read with the alias name for the secret object.

  • Because Groundplex nodes communicate with the secrets manager, make sure that the rules which reference secrets are applied to Services that run on that Groundplex.