Secure Parameter Store
As an operator, you will need to be able to configure secret storage for the DRP Endpoint.
By default, a DRP endpoint will locally encrypt secrets at rest and in memory until needed for a specific operation.
There are additional stores that can be used to handle secure parameters. All methods allow for parameterized retrieval of secrets.
- Vault - Uses HashiCorp Vault as the secret store. See Vault Configuration.
- Command KeyVault - Pulls secrets from command-line scripts run on the DRP endpoint. See Command KeyVault Configuration.
- Azure KeyVault - Pulls secrets and certificates from Azure Cloud. See Azure KeyVault Configuration.
- AWS Secrets Manager - Pulls secrets and certificates from AWS. See AWS Secman Configuration.
Secure Parameter Architecture has more details on the general architecture.