Connectors
      Back to home
      1. Knowledge Base
      2. Connectors

      Credential Manager

      Securing User Credentials 

      The first step towards connecting to a database is Authentication which verifies the identity of a user or an application. To establish a connection with a Data Source (DB, ETL, Reporting Systems, File Manager), OvalEdge supports the below-mentioned Credential Manager platforms:

      • OE Database
      •  AWS Secrets Manager
      •  HashiCorp Vault 

      connector

      Credential Manager

      Credential Manager helps to manage user credentials (Username/Password), tokens, API keys, certificates, or any sign-in information for applications, websites, or networks. It allows the users to save credential details in a centralized location to view, delete, add, and rotate credentials. 

      As users prefer not to reveal their credentials when authenticating, the credential manager tools help to encrypt the user credentials by creating secrets or path key values which cannot be accessed by others in any form and protect their privacy. 

      The connectors read the authentication information from the Credentials Manager in real-time at the time of establishing a connection to the data sources.

      OE Database

      OE Database provides encryption as a service with credential management to simplify encrypting credentials. It uses encryption algorithms to securely store the user credentials, such as username/password, client secrets, and API tokens, in an encrypted format in the OvalEdge database. OvalEdge platform manages and maintains the responsibility of the encryption of the credential within OvalEdge. 

       

      How are the credentials secured in the OE Database?

      When the user enters the credentials related to the data sources to which the connectivity has to be established, the credentials are stored in the OvalEdge database in a secured way using the SALT applied over the encrypted value with the Ciphers. This format of storing the credentials with SALT being applied will be irreversible. 

      What is SALT? 

      SALT is random data used as an additional input layer to a one-way function that hashes data, a password, or a passphrase. It helps to safeguard passwords in storage (OE Database) in an irreversible format, even in the case of Compromise. 

      Establishing a connection using OE Database:

      • Enter the user credential details in the Manage Connection and validate.

      one

      AWS Secrets Manager

      The AWS Secrets stores and maintains the user credentials in a centralized location. It uses encryption keys to generate secret keys and also supports the secret rotation feature. The secret credentials generated in the AWS Secrets instance are used to access the data source in the OvalEdge platform. When establishing a connection with a data source, the OvalEdge application makes a call to the AWS Secrets Manager in real-time to read the secret credentials.

      • Create Secrets (Access Key, Secret Key, Region) in the AWS Secret Manager.
      • Connect to the AWS Secrets Manager Connector in the OvalEdge platform and configure the secret details that are generated in the AWS Secrets Manager.
      • Establish a connection with a specific connector using the secret attributes (secretname/secret key, secretpassword/secretkey).

       

      Validating AWS Secretes credentials:

      1. To establish a connection with a data source, the users need to connect to the AWS Secret Manager Connector in the OvalEdge platform. 
      2. Navigate to Administrator > Connectors > + icon (Add a Connection) > select AWS Secrets Manager.
        two
      3. Enter the secret credentials (Access Key, Secret Key, Region) created in the AWS Secrets Manager instance.

        Field Name

        Description

        Connection Type*

        Displays AWS Secrets Manager by default.

        License Type*

        By default, the License type is standard.

        Connection Name*

        Enter the name of the connection, the connection name specified in the Connection Name textbox will be a reference to the AWS Secrets Manager connection in the OvalEdge application.

        Example: AWS Secrete Manager_1

        Access Key*

        Enter the access key value configured in AWS Secrets Manager.

        Secret Key*

        Enter the secret key configured in AWS Secrets Manager.

        Secrets Manager Region*

        Enter the Secret Manager Region configured in AWS Secrets Manager.

        Select Bridge

        By default, the No Bridge option will be displayed.
      4. Click on the Save button to save the connection details.
      5. Click on the Validate button to validate the entered connection details. Click on the Save button to save the connection details.

      Note: The integration of AWS Secrets Manager will work with Cross Account via Bridge.

      four

       

      Establishing a connection using AWS Secretes credentials:

      1. Go to Administrator > Connectors > + icon Add New Connection.
      2. In the Manage Connector pop-up, enter the details in the fields provided.

        five
      3. Enter the details in the Manage Connector pop-up. 
      4. Select AWS Secrets Manager as Credential Manager and enter the user credentials in the fields. For Example, Username - secretname/secret key, Password - secretpassword/secretkey. 
      5. Click the Save button to save the details. Click Validate to get access to the data source

      HashiCorp Vault

      HashCorp vault is an identity-based secret and encryption management system. It helps to secure, store, and control access to tokens, passwords, certificates, and encryption keys for protecting secrets and other sensitive data. It helps to generate static(long-lived) or dynamic (short-lived) credentials that are automatically rotated and revoked when they expire. 

      The Key-value secret credentials generated in the HashiCorp instance are used to access the data source. When establishing a connection with a data source, the OvalEdge application makes a call to the HashiCorp in real time to read the secret credentials.

      • Create Key-Value secret credentials with data source details in the HashiCorp Vault.
      • In the OvalEdge application, connect to HashiCorp Connector and configure the secret details generated in the HashiCorp Vault.
      • To establish a connection with a specific connector, the user needs to give the path/username & path/password

       

      Validating HashiCorp secret credentials:

      1. To establish a connection with a data source, the users need to connect to the HashiCorp Manager Connector in the OvalEdge platform. 
      2. Navigate to Administrator > Connectors > + icon (Add a Connection).

        six
        seven
      3. Enter the secret credentials created in the HashiCorp instance.
      4. Click on the Save button to save the connection details. Click on the Validate button to validate the entered connection details. 

      Field Name

      Description

      Connector Type*

      By default, the selected connection type is displayed as HashiCorp. 

      Vault Name*

      It is the connection name. Enter the connection name specified in the Connection Name textbox. Example: HashiCrop_1.

      Vault BaseUrl*

      Enter the server name/URL to connect to the HashiCorp connector.

      Vault Token*

      Enter the vault token generated in the HashiCorp instance.

      Select Bridge

      By default, the No Bridge option will be displayed.

       Establishing a connection using HashiCorp secret credentials:

      1. Go to Administrator > Connectors > + icon Add New Connection.
      2. In the Manage Connector pop-up, enter the details in the fields provided.
      3. Select HashiCorp as Credential Manager and enter the user credentials in the fields. For Example, Username - path/username & Password - path/password. 
      4. Click the Save button to save the details. Click Validate to get access to the data source.