1. Introduction
OMNIA allows you to configure a Secret Manager that will help you protect secrets needed to access your services. OMNIA supports multiple kinds of Secret Managers:
- Azure Key Vault
- AWS Systems Manager Parameter Store
- HashiCorp Vault
2. Secrets
Any configuration option used by OMNIA (config/omnia.json) can be overridden by the configured Secret Manager.
Example: to store the PostgreSQL connection string as a secret, configure a secret for it in the Secret Manager; the corresponding value in omnia.json will then be ignored.
3. Services
3.1. Azure Key Vault
You can use the Azure Key Vault with Managed Identity.
To configure OMNIA to use Key Vault, add the following section to the configuration file (config/omnia.json):
"SecretManager": {
    "Name": "AzureKeyVault",
    "Arguments": {
        "KeyVaultName": "MY AZURE KEY VAULT NAME"
    }
}
Note: The secret key name must obey the multiple levels of the configuration structure. Use “--” to represent hierarchy navigation. Example: ConnectionStrings--PostgreSQL.
3.2. AWS Systems Manager Parameter Store
To configure OMNIA to use Parameter Store, add the following section to the configuration file (config/omnia.json):
"SecretManager": {
    "Name": "AwsSystemManager",
    "Arguments": {
        "Path": "/omnia/"
    }
}
Note: The secret key name must obey the multiple levels of the configuration structure. Use “/” to represent hierarchy navigation. Example (for a configured path /omnia/): /omnia/ConnectionStrings/PostgreSQL.
3.3. HashiCorp Vault
To configure OMNIA to use Vault, add the following section to the configuration file (config/omnia.json):
"SecretManager": {
    "Name": "HashiCorpVault",
    "Arguments": {
        "VaultUri": "http://.../",
        "Token": "MY TOKEN",
        "Path": "/secret/omnia"
    }
}
Note: The secret key name must obey the multiple levels of the configuration structure. Use “:” to represent hierarchy navigation. Example: ConnectionStrings:PostgreSQL.
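The naming rules from the three notes above, worked through as an added example (not OMNIA's own code): it walks a nested configuration fragment and lists the secret key name each Secret Manager expects for every setting, using the two-hyphen Key Vault separator. The sample fragment is constructed, its "Logging" keys are hypothetical, and the Key Vault check relies on Azure's rule that secret names contain only letters, digits and hyphens.

```python
import re

# Separators from the notes above, keyed by the SecretManager "Name" values.
SEPARATORS = {"AzureKeyVault": "--", "AwsSystemManager": "/", "HashiCorpVault": ":"}

# Azure Key Vault secret names: 1-127 characters, letters, digits and hyphens only.
KEY_VAULT_NAME = re.compile(r"[0-9A-Za-z-]{1,127}")

# Constructed sample; values are placeholders and the "Logging" keys are hypothetical.
SAMPLE_CONFIG = {
    "ConnectionStrings": {"PostgreSQL": "<placeholder>"},
    "Logging": {"LogLevel": {"Default": "<placeholder>"}},
}


def flatten(config, parents=()):
    """Yield the tuple of path segments for every leaf setting in a nested dict."""
    for key, value in config.items():
        path = parents + (key,)
        if isinstance(value, dict):
            yield from flatten(value, path)
        else:
            yield path


def secret_name(manager, segments, aws_path="/omnia/"):
    """Return the secret key name that overrides one setting in the given manager."""
    sep = SEPARATORS[manager]
    for segment in segments:
        if not segment or sep in segment:
            raise ValueError(f"segment {segment!r} is ambiguous with separator {sep!r}")
    name = sep.join(segments)
    if manager == "AzureKeyVault" and not KEY_VAULT_NAME.fullmatch(name):
        raise ValueError(f"{name!r} is not a valid Key Vault secret name")
    if manager == "AwsSystemManager":
        # The configured Path is a prefix; the setting's hierarchy follows it.
        name = aws_path.rstrip("/") + "/" + name
    return name


def plan(manager, config=SAMPLE_CONFIG):
    """List the secret names needed to move every setting in config out of the file."""
    return [secret_name(manager, path) for path in flatten(config)]


if __name__ == "__main__":
    for manager in SEPARATORS:
        print(manager, plan(manager))
```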