Using a Credential Store
You can define keystore/truststore private keys and certificates in a credential store, then call the appropriate key and certificate from a stage that uses SSL/TLS encryption. The stage builds the keystore or truststore from the specified private key and certificates.
Defining keys and certificates in a credential store allows you to securely store the sensitive information. For an additional layer of security, you can require group access to credential store secrets. For more information, see Group Access to Secrets in the Data Collector documentation.
Using a credential store also makes it easy to update keystores and truststores without having to edit the stages that use them. This can simplify tasks such as recycling keystores and truststores or migrating pipelines to production.
When using a credential store for the private key, store the key as a secret in any of the supported credential stores and then use the credential:get() function to retrieve the key.
- Store the contents of the certificate as a secret in any of the supported credential stores and then use the credential:get() function to retrieve the secret.
- Store the certificate in Microsoft Azure Key Vault and then use the credential:getWithOptions() function using the credentialType=certificate option to retrieve the certificate from Azure Key Vault.
  Azure Key Vault supports storing PEM certificates directly in the vault. For more information about using Azure Key Vault as a credential store, see Microsoft Azure Key Vault in the Data Collector documentation.