Applications inside senhasegura DSM allow administrators to create access segregation policies, where each application can have one or more Authorizations, allowing access to specific Secrets. Also, senhasegura DSM will automatically create reports based on those applications, making it easy for auditors to search specific data.
Another possible configuration is to attach multiple Dynamic Provisioning profiles to an application. Every time a request to create a new authorization for that application is made, senhasegura DSM will use these profiles to create Ephemeral Credentials on target devices or temporary Cloud Access Keys on AWS, Azure, or GCP, automatically registering them as secrets.
Every application can have its own authentication method, so other resources can use a secure way to fetch the secrets of a specific authorization.
This guide will demonstrate how to create and manage applications through the senhasegura DSM web interface. Please check the API guide for more information on creating applications through APIs.
Register an Application
To register a new application, follow the menu DevOps Secret Manager ➔ Applications ➔ Applications.
- In the report's action button, click on New
- In the Settings tab, fill in the following fields:
  - Application name: Name of an application for management inside senhasegura DSM
  - Authentication method: Method used to authenticate and retrieve data from senhasegura DSM
    - OAuth 1.0: The client application will use the WebService A2A through the OAuth 1.0 login
    - OAuth 2.0: The client application will use the WebService A2A through the OAuth 2.0 login
  - Enabled: Whether the application will be active or not
  - Line of Business (optional): The business type that the application serves
  - Application type (optional): Application type
  - Tags (optional): List of tags to further identify the application
  - Description (optional): A detailed description of the application
  - Amazon AWS ARNs (optional): A list of AWS credential ARNs
- In the Automatic provisioning tab, fill in the following fields:
  - Cloud dynamic provisioning profile: Select the provisioning profile used to create credentials on Cloud Providers
  - Credential dynamic provisioning profile: Select the provisioning profile used to create credentials on Devices such as databases
- To finish, click on Save
The DSM module provides multiple ways for applications to obtain secret data. For more information on methods available, check the Authenticators guide.
Automatic provisioning allows credentials and access keys to be generated and deleted automatically during the creation and inactivation of an authorization. Please check the Dynamic Provisioning guide for more information on enabling and configuring it.
View an Application
To view the list of applications, follow the menu DevOps Secret Manager ➔ Applications ➔ Applications.
You can view registered applications on this screen with extra information such as name, description, systems, environments, business type, application type, tags, status, authentication method, and creation date.
View an Application authorization
To view application authorizations, follow the menu DevOps Secret Manager ➔ Applications ➔ Applications.
In the actions of an application, click on Authorizations.
On this screen, you can view the application authorization along with information such as the application name, environment, system, creation date, and status of that authorization.