Authenticate through an External Vault
Applies to: Alation Cloud Service instances of Alation and customer-managed instances of Alation
Alation enables you to store and retrieve connection information for Open Connector Framework (OCF) connectors in an external vault or secrets manager. With this feature, you can store sensitive information securely and manage it centrally, preventing “credential sprawl” and enabling your organization to comply with IT security policies. You can use this feature to store and retrieve connection information such as:
JDBC URIs
Service account usernames
Passwords
Kerberos authentication information
When you configure an OCF connector to use an external vault, the connector retrieves the connection information from the vault when performing metadata extraction (MDE), query log ingestion (QLI), sampling, and profiling.
Alation offers support for the following vaults, subject to version availability and other requirements:
AWS Secrets Manager
Azure Key Vault
HashiCorp Vault
You enter connection information for an OCF connector on the General Settings tab of the connector’s Settings page. By default, connection information is stored in the Alation database. However, if you have created an integration with one of the supported vaults, the General Settings page will offer the option of pulling such information from the appropriate vault. In this case, most options under Application Settings or Connector Settings will show the following icons to the right of the option:
[Image: the Standard and Vault options, or the database and lock icons]
By default, the Standard option (or the database icon) is selected, as shown. To pull the setting from a vault, click the Vault option (or the lock icon).
For specific details about configuring each vault, see the following topics:
For generic information about configuring external vaults for OCF connectors, see Authentication Configuration Methods for External Systems.