Using Google Secret Manager for Credential Management Service

Google Secret Manager is a service from Google Cloud for easier management of secrets.

A new Google Secret Manager provider has been added to credential management for properties of type password.

Google Secret Manager has the following fields:

  • Secret ID: The Secret ID.
  • Project ID: (Optional) The Project ID. The project can be configured either at the property level or for the entire application by passing the GOOGLE_PROJECT_ID environment variable. For more information on the environment variables, see Environment Variables for Docker.
  • Version: (Optional) The Secret Version. If no version is provided, the application picks the latest version.

In TIBCO Business Studio for BusinessWorks, the value is stored in one of the following formats: #<secret_id>#, #<project_id>::<secret_id>#, or #<project_id>::<secret_id>::<version>#.

TIBCO Business Studio for BusinessWorks supports two authorization methods to connect to the Google Secret Manager:

  • Token
  • Service Account

To enable the Google Secret Manager credential management system, pass the following environment variables at runtime:

  • GOOGLE_PROJECT_ID
  • GOOGLE_SECRET_MANAGER
  • GOOGLE_SECRET_TOKEN
  • GOOGLE_CREDENTIALS

For more information on the environment variables, see Environment Variables for Docker.

To use Google Secret Manager for Credential Management Service, perform the following steps:

    Procedure
  1. Set the environment variables GOOGLE_SECRET_MANAGER and APP_CONFIG_PROFILE for authentication. Depending on whether the Token or Service Account authentication method is selected, also pass the GOOGLE_SECRET_TOKEN or GOOGLE_CREDENTIALS environment variable. For more information on the environment variables, see Environment Variables for Docker.
  2. In the application properties section, select Credential Management > Google Secret Manager. The value is populated in the following format: #project_id::secret_id::version#.
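The following added example (not TIBCO's own code) checks property values in the three reference formats described above before deployment and shows which Google Secret Manager version resource name each one would address. The function names are hypothetical. The mapping to the `projects/.../secrets/.../versions/...` resource name and the precedence of a property-level project ID over GOOGLE_PROJECT_ID are assumptions.

```python
import re

# Secret Manager secret IDs: letters, digits, '-' and '_', at most 255 characters.
_SECRET_ID = re.compile(r"[A-Za-z0-9_-]{1,255}")


def resolve_reference(ref, env):
    """Map a '#...#' property value to a Secret Manager version resource name.

    env is a mapping of environment variables (os.environ in real use).
    Raises ValueError if the reference is malformed or no project ID is known.
    """
    if len(ref) < 3 or not (ref.startswith("#") and ref.endswith("#")):
        raise ValueError(f"not a #...# reference: {ref!r}")
    parts = ref[1:-1].split("::")
    if not 1 <= len(parts) <= 3 or any(p == "" or "/" in p for p in parts):
        raise ValueError(f"expected 1 to 3 non-empty '::'-separated fields: {ref!r}")

    if len(parts) == 1:        # #<secret_id>#
        project, secret, version = None, parts[0], None
    elif len(parts) == 2:      # #<project_id>::<secret_id>#
        project, secret, version = parts[0], parts[1], None
    else:                      # #<project_id>::<secret_id>::<version>#
        project, secret, version = parts

    # Assumption: a project ID in the property wins over GOOGLE_PROJECT_ID.
    project = project or env.get("GOOGLE_PROJECT_ID")
    if not project:
        raise ValueError(f"{ref!r} has no project ID and GOOGLE_PROJECT_ID is unset")
    if not _SECRET_ID.fullmatch(secret):
        raise ValueError(f"invalid secret ID in {ref!r}")
    # No version given: the page says the latest version is used.
    return f"projects/{project}/secrets/{secret}/versions/{version or 'latest'}"


def lint_references(refs, env):
    """Return {reference: resource name or 'ERROR: ...'} for a batch of values."""
    report = {}
    for ref in refs:
        try:
            report[ref] = resolve_reference(ref, env)
        except ValueError as exc:
            report[ref] = f"ERROR: {exc}"
    return report


if __name__ == "__main__":
    # Constructed sample values, not taken from a real application.
    sample = ["#db-password#", "#billing-prod::api-key::3#", "#a::b::c::d#"]
    for ref, result in lint_references(sample, {"GOOGLE_PROJECT_ID": "demo-project"}).items():
        print(f"{ref:32} -> {result}")
```

References that resolve to `versions/latest` change which secret value they deliver whenever a new version is added, which is worth knowing when reviewing a configuration.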