PlainID’s Secrets Management (SM) Service integrates with Secret Providers and delivers the secrets and credentials required by PlainID Components. It is available in both Platform Cloud and PAA deployments, supporting similar needs across different purposes and use cases.
Managing Secret Stores through Environment Settings provides two main capabilities: managing stores in the Cloud Platform to serve secrets for Orchestration Integration, and managing stores for PAA Services without requiring manual configuration at the PAA level.
Secret Stores can be defined and managed directly in the Platform and include:
- Configuring Secret Stores: Define the store type (from the supported Secret Providers), configure authentication to the provider, and set additional parameters required for each type.
- Store Configuration Deployment: Deploy store configurations into PAAs, enabling the SM service running in the PAA to consume and use these managed configurations.
- Compatibility with Manual PAA SM Configuration: The PAA SM service aggregates both manually defined stores and Platform-managed stores, avoiding breaking changes while resolving conflicts by giving precedence to managed stores.
- Orchestration Vendor Authentication: Reference secrets from the customer’s secret store to securely manage credentials for orchestration vendors, improving security and simplifying administration.
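The aggregation rule above (manual and Platform-managed stores merged, managed wins on conflict) is easy to get wrong silently: a manual store can be shadowed without anyone noticing. The following added example is not PlainID code and the `SecretStore` model and sample store names are constructed assumptions; it merges the two sets and reports every shadowed manual store, flagging those whose provider type changed so an administrator can review the override.

```python
from dataclasses import dataclass

# Hypothetical store entry; the real PlainID configuration format is not shown on this page.
@dataclass(frozen=True)
class SecretStore:
    name: str        # identifier that PAA services reference
    store_type: str  # provider kind, e.g. "hashicorp-vault", "aws-secrets-manager"
    source: str      # "manual" (defined at PAA level) or "managed" (deployed from the Platform)

def aggregate_stores(manual, managed):
    """Merge manually defined and Platform-managed stores by name.

    Managed stores take precedence on a name conflict. Returns the effective
    store map and a list of (manual, managed) pairs for every manual store that
    was shadowed, so overrides are reviewed rather than discovered as behaviour changes.
    """
    effective = {s.name: s for s in manual}
    shadowed = []
    for store in managed:
        previous = effective.get(store.name)
        if previous is not None and previous.source == "manual":
            shadowed.append((previous, store))
        effective[store.name] = store
    return effective, shadowed

def risky_overrides(shadowed):
    """Names of shadowed stores whose provider type changed: consumers written
    against one provider's semantics now talk to a different provider."""
    return [m.name for m, g in shadowed if m.store_type != g.store_type]

# Constructed sample data, not taken from any real deployment.
MANUAL_STORES = [
    SecretStore("pip-secrets", "hashicorp-vault", "manual"),
    SecretStore("audit-db", "aws-rds-iam", "manual"),
]
MANAGED_STORES = [
    SecretStore("pip-secrets", "aws-secrets-manager", "managed"),
    SecretStore("pop-orchestration", "plainid-internal-vault", "managed"),
]

if __name__ == "__main__":
    effective, shadowed = aggregate_stores(MANUAL_STORES, MANAGED_STORES)
    for name, store in sorted(effective.items()):
        print(f"{name:20} {store.store_type:24} from {store.source}")
    print("shadowed manual stores:", [m.name for m, _ in shadowed])
    print("provider type changed:", risky_overrides(shadowed))
```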
To learn more about managing and configuring Secret Stores, refer to the following pages:
- Managing Secret Stores
- Configuring Secret Stores
- Secret Stores and Use-cases
Secrets can be managed through integrated secret stores to support a variety of use cases.
Note: Common scenarios such as securing connections and managing credentials are supported. For PAA services, detailed examples are documented in the Secret Management section of the Admin Guide.
The following table shows which secret stores can be used for each scenario:
Use Case | HashiCorp Vault | AWS Secrets Manager | AWS RDS IAM | Azure Key Vault Secret Store | PlainID Internal Cloud Vault
---|---|---|---|---|---
Private Keys for PDP JWT signing | ✓ | ✓ | - | ✓ | -
AWS ElastiCache for Redis Passwords | - | ✓ | - | - | -
Using Secrets for PIP Connections | ✓ | ✓ | - | ✓ | -
AWS RDS Database Connection for PIP Data Source | - | - | ✓ | - | -
Authorization Database Audit Connection | ✓ | ✓ | ✓ | ✓ | -
PIP OAuth Connections | ✓ | ✓ | - | ✓ | -
POP (Orchestration) | ✓ | ✓ | - | ✓ | ✓
Note: Snowflake, Databricks, and Power BI POPs are currently supported for Secret Store Management. For Orchestration connections, you can use either PlainID's internal vault store or one of the supported External Stores listed above.
For additional secret store integrations or use cases, contact PlainID Support to discuss options.