· Feb 23

Securely storing credentials for external systems used in a production


I need a way to securely store credentials in IRIS that are used to access third-party APIs. These credentials include different clientId/secret pairs that I don't want to expose. While I know that it's possible to define Production Credentials in Ens.Config.Credentials, I understand that they are stored in plain text.

Does anyone have an idea of how to securely store credentials in IRIS? For your information, I am using IRIS with docker-compose and I am wondering if using HashiCorp Vault together with IRIS could be the solution. Has anyone used Vault before with their IRIS installations? If yes, could you provide an example of how to use Vault and how to programmatically access secrets stored in Vault via IRIS?

Any ideas?

Best regards, Kari

Discussion (2)1
Log in or sign up to continue

Hi Kari,

this really depends on the authentication options of the 3rd party api.

If the 3rd party api only accept e.g. username/paswords then it will never be more secure even if you use a password vault, as the password needs to be cleartext to be provided to the 3rd party. 

Different story if the api accepts  e.g OAUTH based keys/hashes.
refer to : OAuth 2.0 Client | InterSystems IRIS Data Platform 2022.3

Best Regards