Admin: Secret management
Secret management can be used in the following contents in RPI:
To manage application setting secrets.
To persist passwords that are stored in the RPI System Configuration interface.
To enable secret management:
Ensure that applicable Cloud Identity (Azure or Google) application settings are configured.
Within Secret Management application settings:
Select a secret management Provider (Azure KeyVault or Google Secret Manager).
Specify whether the secret manager will be used to manage application setting secrets and/or system configuration passwords.
If using Azure secret management, ensure that the Azure Key Vault Configuration settings are configured.
When using an Azure KeyVault secret to override an application setting, the secret’s name must match the environment variable name, with any underscores replaced by hyphens - e.g. 'ConnectionStrings-OperationalDatabase'. If using Google Secret Manager, the character replacement is not required.
In addition, when using a secret manager and specifying passwords during tenant deployment, you can reference a secret using the format '{{key-vault-key}}'. If you specify a password using plain text, a secret is automatically created to persist the same.