Skip to main content

Cinchy secrets manager

Overview

The Cinchy platform provides a built-in solution for securely storing secrets known as the Cinchy Secrets Table. Built with adherence to Cinchy’s Universal Access Controls, this table functions as a key vault similar to services like Azure Key Vault or AWS Secrets Manager. It allows you to store sensitive data that's accessible only to specific user groups with authorized access.

Within the Connections UI, you can use variables stored in this table, which then resolve as secrets. This approach ensures careful handling of confidential information. Some common use cases include:

  • Including them in a connection string.
  • Using them in REST Headers, URLs, or the request body.
  • Configuring the Listener via the Listener Config table.

Cinchy has an API endpoint for retrieving your stored secrets.

Creating a secret

To create a secret in Cinchy:

  1. Navigate to the [Cinchy].[Secrets] table on your platform.
  2. Provide the following details for your secret:
FieldDescriptionExample
Secret SourceThe location where the secret is stored. This field supports only 'Cinchy' as a source.Cinchy
DomainThe domain name of the location where the secret is stored.QA
NameThe identifier for your secret.Password
Secret ValueThe actual secret content.YourSecretValueHere
DescriptionA brief explanation of the secret's purpose.This secret contains the password for logging into the QA environment.
Read GroupsA list of User Groups with read access to the secret. These groups can access the secret via the API, table, Connections UI, or CQL.GroupA, GroupB
Write GroupsA list of User Groups with write access to configure the secret.GroupC, GroupD

Call a secret via API

Cinchy has anAPI endpoint designed for retrieving secrets. By utilizing the endpoint provided below, you can specify the <base-url>, <secret-name>, and <domain-name> to retrieve the desired secret.

This endpoint functions seamlessly with Cinchy’s Personal Access Token capability, along with Access Tokens obtained from your Identity Provider (IDP).

Blank Example:

<base-url>/api/v1.0/secrets-manager/secret?secretName=<secret-name>&domain=<domain-name>

Populated Example:

The example below uses ExampleSecret as a secretName and Sandbox as the domain:

Cinchy.net/api/v1.0/secrets-manager/secret?secretName=<ExampleSecret>&domain=<Sandbox>

The API response will be in the following format:

{
"secretValue": "password123"
}

Use a secret as a connections variable

You can use secrets stored in the Cinchy Secrets table as variables for your data syncs, wherever you use a variable. For instance, you can incorporate them within a connection string, an access key ID, or within a REST Source or Destination in the Header.

To use a Secret within Connections:

  1. In the Connections UI, navigate to Info > Variables.
  2. Under the Variables section, select Secret.
  3. Enter the name of your variable.
  4. Under the Value dropdown, select the secret you want to assign from the Secrets table.

Use a secret in real-time syncs

You can also use your Cinchy Secrets when configuring your Listener for real-time syncs.

info

If the value of your secret changes, an automatic restart of the Listener Config will not be triggered. The old value will continue to be used until the Listener Config is disabled and re-enabled.

To use a secret in real-time syncs:

  1. When configuring your sync, navigate to the Info Tab > Variables.

  2. Under the Variables section, choose Secret.

  3. Input the name of your variable.

  4. Under the Value dropdown, choose the secret you intend to assign from the Secrets table.

  5. Go to the Source tab.

  6. Within the Listener section, input the secret variables as values for the relevant property in your Topic or Connection Attribute fields.

    For example:

    {
    "InstanceAuthUrl": "@Url",
    "ApiVersion": 41.0,
    "GrantType": "@GrantType",
    "ClientId": "@ClientId",
    "UserName": "@Username",
    "Password": "@Password"
    }

Use a secret in the Listener Config table

You can also add a secret that's attached to a variable to the Topic or Connection Attributes in the Listener Config table.

  1. Open the Listener Config table.
  2. Select the row that corresponds to your data sync.
  3. Select the Topic or Connection Attribute cell you want to change.
  4. Replace the value for a property with the variable assigned to a secret.

For example, in the JSON code below, the Connection Attribute property connectionString is replaced with the @connectionString variable defined in the data sync.

{
"connectionString": "@connectionString",
"retryConfiguration": {
"retryMaxAttempts": "2",
"retryDelayStrategy": "Linear"
}
}

Listener Config parameters

The following table provides an overview of which parameters you can use as secrets for each event connector type.

Event Connector TypeTopicConnection AttributesValue as Parameter/Secrets
Cinchy CDCtableGuidNo
filterYes
messageKeyExpressionYes
batchSizeNo
Salesforce Push TopicNameYes
IdYes
QueryYes
InstanceAuthUrlYes
GrantTypeYes
ClientIdYes
ClientSecretYes
UserNameYes
PasswordYes
ApiVersionNo
MongoDB EventdatabaseYes
collectionYes
pipelineStageYes
connectionStringYes
Data PollingFromClauseYes
CursorColumnYes
FilterConditionYes
CursorColumnDataTypeYes
ColumnsYes
BatchSizeNo
DelayNo
databaseTypeYes
connectionStringYes
Kafka TopictopicNameYes
bootstrapServersYes
Salesforce Platform EventNameYes
InstanceAuthUrlYes
GrantTypeYes
ClientIdYes
ClientSecretYes
UserNameYes
PasswordYes
ApiVersionNo
Amazon SQSdeleteMessagesNo
awsRegionNo
awsAccessKeyYes
awsSecretYes
queueUrlYes