Secrets managers offer centralized control, storage, and management of API keys, passwords, certificates, and any other sensitive information. Hyperscience’s secrets-management integration allows System Admins to take advantage of the following features:
Policy enforcement
Role-based access control
Auditing of secrets
Reducing the need to store sensitive data on disk
Supported secrets-management integrations
Hyperscience offers the following integrations:
For v32 and later:
CyberArk Conjur (v5.0 and later)
For v35.0.6 and later:
Limitations and validations
Secrets managers are available only for on-premise or private cloud deployments of Hyperscience.
The secrets-management integration is optional. You can continue storing all of your credentials in the “.env” file or store only some of your credentials in the secrets manager.
You can store only system-level credentials in the secrets manager.
You can’t store the credentials for any integrations that are configured within the Hyperscience application, such as credentials for API endpoints, message queues, and other connectors. You need to store these integrations’ credentials in the Hyperscience application.
The Hyperscience application starts only if all system-level credentials are successfully fetched from the secrets manager. Our integration has validations that prevent the application from starting if the secrets manager is incorrectly configured.
To maximize the benefits of using a secrets manager, we recommend following the guidelines outlined in Best Practices for Using a Secrets Manager.
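The startup validation and the mixed ".env"/secrets-manager storage described above can be pictured with the following added example, which is not Hyperscience code. The function names, variable names, sample values, and the no-fallback rule are all assumptions made for illustration.

```python
from typing import Callable, Dict, Iterable, Set


class StartupConfigError(RuntimeError):
    """A required system-level credential could not be resolved."""


def parse_env(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines of ".env"-style text, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"')
    return env


def resolve_credentials(required: Iterable[str], managed: Set[str],
                        env: Dict[str, str],
                        fetch: Callable[[str], str]) -> Dict[str, str]:
    """Return every required credential, or raise before the application starts.
    Assumption: a name listed in `managed` is read only from the secrets
    manager; a failed fetch never falls back to the ".env" value.
    """
    resolved, failed = {}, []
    for name in required:
        source = "secrets manager" if name in managed else ".env"
        try:
            value = fetch(name) if name in managed else env.get(name)
        except Exception as exc:  # unreachable manager, denied policy, missing path
            failed.append(f"{name} ({source}: {type(exc).__name__})")
            continue
        if value:
            resolved[name] = value
        else:
            failed.append(f"{name} ({source}: missing or empty)")
    if failed:
        # Report names and sources only; secret values never reach the message.
        raise StartupConfigError("refusing to start: " + "; ".join(failed))
    return resolved


# Constructed sample data: names and values are made up for this example.
SAMPLE_ENV = 'DB_HOST=db.internal\nDB_PASSWORD=\n# note\nAPP_SECRET_KEY="from-file"\n'
SAMPLE_STORE = {"DB_PASSWORD": "value-from-manager"}
# Stand-in for a secrets-manager client call; raises KeyError for unknown names.
sample_fetch = SAMPLE_STORE.__getitem__
```

Collecting every failure before raising lets an operator fix a misconfigured secrets manager in one pass instead of one restart per missing credential.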
Secrets Managers and SaaS deployments
The Hyperscience cloud services use Kubernetes to execute their workloads. HashiCorp Vault has its own sidecar container, which can inject secrets into pod volumes based on annotations. To bridge the two, we use the ExternalSecrets custom resource definition to generate native Kubernetes secrets.
Next Steps
Learn how to configure your secrets manager integration in the following articles: