TRASA password and secret Vault

TRASA stores all keys and secrets in secure vault known as TsxVault.

Passwords, Secret keys, API tokens etc. are needed by TRASA to integrate with 3rd party services. For example, FCM tokens, Email config settings, IDP integration keys.

Vault States

  • Uninitialized
  • Initialized
    • Encrypted
    • Decrypted

Initially, after installation, the vault is in the "Uninitialized" state. You need to initialize the vault.

When the vault is initialized, decryption keys are generated, and the vault will be in the "Decrypted" state. The decryption keys are stored in memory. So if the TRASA service restarts, the vault will be in the "Encrypted" state. You need to decrypt the vault using the decryption keys to start using it again.

Initialize Vault (one time only)

  • Open Menu Drawer and click on Providersproviders-menu
  • Go to "Secret Storage" tab
  • Click the Initialise buttoninitialise
  • Copy the decryption keys and keep them safelykeys

Decrypt the Vault

If TRASA service restarts, you need to decrypt the vault to start using it again.

To do that,

  • Go to the Providers page.
  • Click the "Secret Storage" tab.
  • Click the "Enter Decryption Key" dropdown.
  • Enter a decryption key and click submit.
  • Submit two more decryption keys.
keys

Storing Service Credentials

If the Vault is in a decrypted state, you can use it to store service credentials like passwords and keys.

  • Go to services and click on the service you want to configure credentials
  • Go to “Manage Credentials” tab
  • Fill in username and password/key
  • Click on + sign to savemanage-creds-tab

From now on, users won’t be asked for a password while logging into this service with this privilege