TRASA stores all keys and secrets in secure vault known as TsxVault.
Passwords, Secret keys, API tokens etc. are needed by TRASA to integrate with 3rd party services. For example, FCM tokens, Email config settings, IDP integration keys.
Initially, after installation, the vault is in the "Uninitialized" state. You need to initialize the vault.
When the vault is initialized, decryption keys are generated, and the vault will be in the "Decrypted" state. The decryption keys are stored in memory. So if the TRASA service restarts, the vault will be in the "Encrypted" state. You need to decrypt the vault using the decryption keys to start using it again.
Initialize Vault (one time only)
- Open Menu Drawer and click on Providers
- Go to "Secret Storage" tab
- Click the Initialise button
- Copy the decryption keys and keep them safely
Decrypt the Vault
If TRASA service restarts, you need to decrypt the vault to start using it again.
To do that,
- Go to the Providers page.
- Click the "Secret Storage" tab.
- Click the "Enter Decryption Key" dropdown.
- Enter a decryption key and click submit.
- Submit two more decryption keys.
Storing Service Credentials
If the Vault is in a decrypted state, you can use it to store service credentials like passwords and keys.
- Go to services and click on the service you want to configure credentials
- Go to “Manage Credentials” tab
- Fill in username and password/key
- Click on + sign to save
From now on, users won’t be asked for a password while logging into this service with this privilege