Configuring Thycotic Secret Server with StreamSets Data Collector

  • 19 November 2021

  • StreamSets Employee

Scenario:

 

I'm using Thycotic Secret Server to store my credentials and I would like to configure Data Collector to use the secrets stored in this credential store.

 

Solution:

1. Prerequisites

 

First, the user needs access to a Local Login account in Thycotic Secret Server (Thycotic documentation here), and all secrets that Data Collector should use must be stored in this account.

Note: In an on-prem installation of Thycotic Secret Server, this may appear as the 'Domain' option -> Local.

 

2. SDC configuration

The following configuration needs to be changed in the $SDC_CONF/credential-stores.properties file:

  • credentialStore.thycotic.config.url=https://<host name>:<port number>
    • http is accepted as well, but the account password and the retrieved secrets then travel unencrypted, so prefer https
  • credentialStore.thycotic.config.username=<username>
    • username to the local login account in Thycotic Secret Server
  • credentialStore.thycotic.config.password=<password>
    • password for the local login account in Thycotic Secret Server
  • credentialStore.thycotic.config.nameSeparator=-
    • Make sure that this configuration is present. If it is empty, you can set it to '-' as above or to a different character. In later SDC versions, the hyphen is set by default.
    • The separator is used when calling credential EL in the pipeline configuration.

 

After making any changes in the credential-stores.properties file, the user needs to restart SDC.

 

3. Pipeline configuration

 

From the pipeline, you can reference the secret as follows:

  • ${credential:get('thycotic',<group>,'<id><separator><field name>')}
    • as the <group>, you can use 'all'
    • <id> - When you create a secret in Thycotic Secret Server, the secret will have a URL. The ID is part of the URL. For example, if the URL is 'https://<thycotic_server_url>/app/#/app/secret/123/general', the ID is 123.
    • <separator> - by default, it is '-', but always check what is configured in the credentialStore.thycotic.config.nameSeparator property in the $SDC_CONF/credential-stores.properties file
    • <field name> of the secret in Thycotic Secret Server. If you stored the password in the Password field, you will use 'Password' as the field name. Please see the picture below for more examples of the field names.
  • An example of such credential EL - ${credential:get('thycotic','all','123-Password')}
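
As an added example (not StreamSets code and not part of the original article), the Python sketch below checks the settings from section 2 and builds the credential EL from section 3 out of a secret's URL. The host name, account name, password and function names are constructed for illustration, and the properties parsing is simplified to plain key=value lines.

```python
import re
from urllib.parse import urlparse

PREFIX = "credentialStore.thycotic.config."

# Constructed sample files; host, account name and password are placeholders.
WEAK = """credentialStore.thycotic.config.url=http://thycotic.example.internal:8080
credentialStore.thycotic.config.username=sdc_local
credentialStore.thycotic.config.password=CHANGE_ME
credentialStore.thycotic.config.nameSeparator=
"""
FIXED = WEAK.replace("http://", "https://").replace("nameSeparator=", "nameSeparator=-")

def load_thycotic_config(text):
    """Collect the Thycotic keys (simplified: plain key=value lines only)."""
    cfg = {}
    for line in text.splitlines():
        key, eq, value = line.strip().partition("=")
        if eq and key.strip().startswith(PREFIX):
            cfg[key.strip()[len(PREFIX):]] = value.strip()
    return cfg

def lint(cfg):
    """Return the problems found in the settings from section 2."""
    problems = []
    scheme = urlparse(cfg.get("url", "")).scheme
    if scheme == "http":
        problems.append("url: http sends the login and secrets unencrypted")
    elif scheme != "https":
        problems.append("url: missing or not http(s)")
    for key in ("username", "password", "nameSeparator"):
        if not cfg.get(key):
            problems.append(key + ": empty or missing")
    return problems

def credential_el(cfg, secret_url, field, group="all"):
    """Build the credential EL from a secret's URL and the configured separator."""
    match = re.search(r"/secret/(\d+)(?:/|$)", secret_url)
    if not match:
        raise ValueError("no secret ID in URL: " + secret_url)
    if not cfg.get("nameSeparator"):
        raise ValueError("nameSeparator is not configured")
    name = match.group(1) + cfg["nameSeparator"] + field
    return "${credential:get('thycotic','%s','%s')}" % (group, name)

if __name__ == "__main__":
    print(lint(load_thycotic_config(WEAK)))
    url = "https://thycotic.example.internal/app/#/app/secret/123/general"
    print(credential_el(load_thycotic_config(FIXED), url, "Password"))
```

Because credential-stores.properties holds the account password in plain text, it is also worth restricting read access on that file to the user that runs Data Collector.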

Examples of Field names of a secret in Thycotic Secret Server:

 

