Create and Update Secrets

Create and Update Secret values that Salem can use for Third Party Actions

Secrets Management in Salem

Salem leverages an Azure Key Vault to manage Secrets. This method gives users secure control and auditability over secret values.

Prerequisites

To create or modify a secret value in the Salem Key Vault or any Azure Key Vault, an user must have the "Key Vault Secrets Officer" role over the Key Vault Resource in question. A user with the "Owner" role for a key vault resource is still required to assign their user account the "Key Vault Secret Officer role

Allow Salem to read Key Vault Secrets

To enable Salem access to read secrets in the Salem Key Vault or any other Azure Key Vault, the Salem managed Identify for the SalemAPI must be assigned the Azure IAM role "Key Vault Secrets User". This role assignment must be performed by a user with Azure IAM "Owner" role for the key vault resource.

Non-Salem Key Vaults

It is possible for Salem to use a Key Vault resource other than the one provided in the Salem deployment. To support read access, the SalemAPI managed Identity must be given "Key Vault Secrets User" role for this Key Vault. Additionally the ActionDefinition for any action that will use this Key Vault must point to the Vault URI for the Key Vault you want Salem to reference. This is configured in the "credentials" portion of the ActionDefinition. By default, Salem will use the Salem Key Vault.

Creating a New Secret

  1. From the Azure Portal, navigate the the Salem Key Vault resource (or other Key Vault you plan to use). The Salem Key Vault resource will be in the Salam managed resource group.

  2. Select Secrets from the left side menu and create new

  3. Enter a secret name. Record this name as it will be need to be added to any ActionDefinition leveraging this secret value. See Configure Third Party Actions

  4. Enter the secret value

  5. Save

Modifying a Secret

  1. From the Azure Portal, navigate the the Salem Key Vault resource. The Salem Key Vault resource will be in the Salam managed resource group.

  2. Select Secrets from the left side menu

  3. Identify the Secret you want to update by the Secret Name. If you are tyring to modify the secret value for a particular Salem Action, find the secret name form the associated Salem Action Definition. See Configure Third Party Actions NOTE: A Salem ActionDefinition can be configured to use any Key Vault. If you don't see the secret name you expect, check the ActionDefinition to see if it references a different Key Vault.

  4. Update the secret value

  5. Save

PreviousUpdate Salem OAuth SecretsNextRole Based Access Control (RBAC)

Last updated