5️⃣
Cinchy Platform Documentation
Cinchy v5.8
Cinchy v5.8
  • Data Collaboration Overview
  • Release notes
    • Release notes
      • 5.9 release notes
      • 5.8 Release Notes
      • 5.7 Release Notes
      • 5.6 Release Notes
      • 5.5 Release Notes
      • 5.4 Release Notes
      • 5.3 Release Notes
      • 5.2 Release Notes
      • 5.1 Release Notes
      • 5.0 Release Notes
  • Support
  • Glossary
  • FAQ
  • Deployment guide
    • Deploying Cinchy
      • Plan your deployment
        • Deployment architecture
          • Kubernetes architecture
          • IIS architecture
        • Deployment prerequisites
          • Single Sign-On (SSO) integration
            • Enable TLS 1.2
            • Configure ADFS
            • AD Group Integration
      • Kubernetes
        • Disable your Kubernetes applications
        • Change your file storage configuration
        • Configure AWS IAM for Connections
        • Use Self-Signed SSL Certs (Kubernetes)
        • Deploy the CLI (Kubernetes)
      • IIS
  • Upgrade guide
    • Upgrade Cinchy
      • Cinchy Upgrade Utility
      • Kubernetes upgrades
        • v5.1 (Kubernetes)
        • v5.2 (Kubernetes)
        • v5.3 (Kubernetes)
        • v5.4 (Kubernetes)
        • v5.5 (Kubernetes)
        • v5.6 (Kubernetes)
        • v5.7 (Kubernetes)
        • v5.8 (Kubernetes)
        • Upgrade AWS EKS Kubernetes version
        • Update the Kubernetes Image Registry
        • Upgrade Azure Kubernetes Service (AKS)
      • IIS upgrades
        • v4.21 (IIS)
        • v4.x to v5.x (IIS)
        • v5.1 (IIS)
        • v5.2 (IIS)
        • v5.3 (IIS)
        • v5.4 (IIS)
        • v5.5 (IIS)
        • v5.6 (IIS)
        • v5.7 (IIS)
        • v5.8 (IIS)
      • Upgrading from v4 to v5
  • Guides for using Cinchy
    • User Guide
      • Data Browser overview
      • The Admin panel
      • User preferences
        • Personal access tokens
      • Table features
      • Data management
      • Queries
      • Version management
        • Versioning best practices
      • Commentary
    • Builder Guide
      • Best practices
      • Create tables
        • Attach files
        • Columns
        • Data controls
          • Data entitlements
          • Data erasure
          • Data compression
        • Formatting rules
        • Indexing & partitioning
        • Linking data
        • Table and column GUIDs
        • System tables
      • Delete tables
        • Restore tables, columns, and rows
      • Saved queries
      • CinchyDXD
        • Overview
        • DXD workflow
        • Package the data experience
        • Install the data experience
        • Release package
        • Changelog
        • References
          • Cinchy DXD CLI reference
          • Data Experience Definitions table
          • Data Experience Reference table
      • Multilingual support
      • Integration guides
    • Administrator Guide
    • Additional guides
      • Monitor and Log on Kubernetes
        • Grafana
        • OpenSearch dashboards
          • Set up Alerts
        • Monitor via ArgoCD
      • Maintenance
      • Cinchy Secrets Manager
      • GraphQL (Beta)
      • System properties
      • Enable Data At Rest Encryption (DARE)
      • Application experiences
        • Network map
          • Custom node results
          • Custom results in the Network Map
        • Set up experiences
  • API Guide
    • API overview
      • API authentication
      • API saved queries
      • ExecuteCQL
      • Webhook ingestion
  • CQL
    • Overview
      • CQL examples
      • CQL statements overview
        • Cinchy DML statements
        • Cinchy DDL statements
      • Cinchy supported functions
        • Cinchy functions
        • Cinchy system values
        • Cinchy User Defined Functions (UDFs)
          • Table-valued functions
          • Scalar-valued functions
        • Conversion functions
        • Date and Time types and functions
          • Return System Date and Time values
          • Return Date and Time parts
          • Return Date and Time values from their parts
          • Return Date and Time difference values
          • Modify Date and Time values
          • Validate Date and Time values
        • Logical functions
        • Math functions
        • String functions
        • Geometry and Geography data type and functions
          • OGC methods on Geometry & Geography instances
          • Extended methods on Geometry & Geography instances
        • Full Text Search functions
        • Connections functions
        • JSON functions
    • CQL functions reference list
  • Meta-Forms
    • Introduction
    • Install Meta-Forms
      • Deploy Meta-Forms (Kubernetes)
      • Deploy Meta-Forms (IIS)
    • Forms data types
    • Meta-Forms Builder Guide
      • Create a dynamic meta-form with tables
      • Create a dynamic meta-form example with Form Designer
      • Add links to a form
      • Rich text editing in forms
  • Data syncs
    • Get started with data syncs
    • IIS installation
      • Install Connections
      • Install the Worker/Listener
      • Install the Connections CLI
    • Build data syncs
      • Data sync types
      • Design patterns
      • Sync actions
      • Columns and mappings
        • Calculated column examples
      • Advanced settings
        • Filters
        • Variables
        • Auth requests
        • Request headers
        • Post sync scripts
        • Pagination
      • Batch data sync example
      • Real-time sync example
      • Schedule a data sync
      • Connection functions
    • Data sync sources
      • Cinchy Event Broker/CDC
        • Cinchy Event Broker/CDC XML config example
      • Cinchy Table
        • Cinchy Table XML config example
      • Cinchy Query
        • Cinchy Query XML config example
      • Copper
      • DB2 (query and table)
      • Dynamics 2015
      • Dynamics
      • DynamoDB
      • File-based sources
        • Binary file
        • Delimited file
        • Excel
        • Fixed width file
        • Parquet
      • Kafka Topic
        • Kafka Topic example config
        • Apache AVRO data format
      • LDAP
      • MongoDB collection
        • MongoDB collection source example
      • Mongo event
      • MongoDB collection (Cinchy event)
      • MS SQL Server (query and table)
      • ODBC Query
      • Oracle (query and table)
      • Polling event
        • Polling event example config
      • REST API
      • REST API (Cinchy event)
      • SAP SuccessFactors
      • Salesforce Object (Bulk API)
      • Salesforce platform event
      • Salesforce push topic
      • Snowflake
        • Snowflake source example config
      • SOAP 1.2 web service
      • SOAP 1.2 web service (Cinchy Event Triggered)
    • Data sync destinations
      • Cinchy Table
      • DB2 table
      • Dynamics
      • Kafka Topic
      • MongoDB collection
      • MS SQL Server table
      • Oracle table
      • REST API
      • Salesforce
      • Snowflake table
      • SOAP 1.2 web service
    • Real-time sync stream sources
      • The Listener Config table
      • Cinchy Event Broker/CDC
      • Data Polling
      • Kafka Topic
      • MongoDB
      • Salesforce Push Topic
      • Salesforce Platform Event
    • CLI commands list
    • Troubleshooting
  • Other Resources
    • Angular SDK
    • JavaScript SQK
Powered by GitBook
On this page
  • Overview
  • Creating a secret
  • Call a secret via API
  • Use a secret as a connections variable
  • Use a secret in real-time syncs
  • Use a secret in the Listener Config table
  • Listener Config parameters
  1. Guides for using Cinchy
  2. Additional guides

Cinchy Secrets Manager

This page outlines the Cinchy Secrets Manager, added to the platform in v5.7.

PreviousMaintenanceNextGraphQL (Beta)

Last updated 1 year ago

Overview

The Cinchy platform provides a built-in solution for securely storing secrets known as the Cinchy Secrets Table. Built with adherence to Cinchy’s Universal Access Controls, this table functions as a key vault similar to services like Azure Key Vault or AWS Secrets Manager. It allows you to store sensitive data that's accessible only to specific user groups with authorized access.

Within the Connections UI, you can use variables stored in this table, which then resolve as secrets. This approach ensures careful handling of confidential information. Some common use cases include:

  • Including them in a connection string.

  • Using them in REST Headers, URLs, or the request body.

  • Configuring the Listener via the Listener Config table.

Cinchy has also introduced a new for retrieving your stored secrets.

Creating a secret

To create a secret in Cinchy:

  1. Navigate to the [Cinchy].[Secrets] table on your platform (see Image 1).

  2. Provide the following details for your secret:

Field
Description
Example

Secret Source

The location where the secret is stored. This field supports only 'Cinchy' as a source.

Cinchy

Domain

The domain name of the location where the secret is stored.

QA

Name

The identifier for your secret.

Password

Secret Value

The actual secret content.

YourSecretValueHere

Description

A brief explanation of the secret's purpose.

This secret contains the password for logging into the QA environment.

Read Groups

A list of User Groups with read access to the secret. These groups can access the secret via the API, table, Connections UI, or CQL.

GroupA, GroupB

Write Groups

A list of User Groups with write access to configure the secret.

GroupC, GroupD

Call a secret via API

Blank Example:

<base-url>/api/v1.0/secrets-manager/secret?secretName=<secret-name>&domain=<domain-name>

Populated Example:

The example below uses ExampleSecret as a secretName and Sandbox as the domain:

Cinchy.net/api/v1.0/secrets-manager/secret?secretName=<ExampleSecret>&domain=<Sandbox>

The API response will be in the following format:

{
    "secretValue": "password123"
}

Use a secret as a connections variable

To use a Secret within Connections:

  1. In the Connections UI, navigate to Info > Variables.

  2. Under the Variables section, select Secret.

  3. Enter the name of your variable.

  4. Under the Value dropdown, select the secret you want to assign from the Secrets table.

Use a secret in real-time syncs

You can also use your Cinchy Secrets when configuring your Listener for real-time syncs.

To use a secret in real-time syncs:

  1. When configuring your sync, navigate to the Info Tab > Variables.

  2. Under the Variables section, choose Secret.

  3. Input the name of your variable.

  4. Under the Value dropdown, choose the secret you intend to assign from the Secrets table.

  5. Go to the Source tab.

  6. Within the Listener section, input the secret variables as values for the relevant property in your Topic or Connection Attribute fields.

    For example:

    {
      "InstanceAuthUrl": "@Url",
      "ApiVersion": 41.0,
      "GrantType": "@GrantType",
      "ClientId": "@ClientId",
      "UserName": "@Username",
      "Password": "@Password"
    }

Use a secret in the Listener Config table

You can also add a secret that's attached to a variable to the Topic or Connection Attributes in the Listener Config table.

  1. Open the Listener Config table.

  2. Select the row that corresponds to your data sync.

  3. Select the Topic or Connection Attribute cell you want to change.

  4. Replace the value for a property with the variable assigned to a secret.

For example, in the JSON code below, the Connection Attribute property connectionString is replaced with the @connectionString variable defined in the data sync.

{
  "connectionString": "@connectionString",
  "retryConfiguration": {
    "retryMaxAttempts": "2",
    "retryDelayStrategy": "Linear"
  }
}

Listener Config parameters

The following table provides an overview of which parameters you can use as secrets for each event connector type.

Event Connector Type
Topic
Connection Attributes
Value as Parameter/Secrets

Cinchy CDC

tableGuid

No

filter

Yes

messageKeyExpression

Yes

batchSize

No

Salesforce Push Topic

Name

Yes

Id

Yes

Query

Yes

InstanceAuthUrl

Yes

GrantType

Yes

ClientId

Yes

ClientSecret

Yes

UserName

Yes

Password

Yes

ApiVersion

No

MongoDB Event

database

Yes

collection

Yes

pipelineStage

Yes

connectionString

Yes

Data Polling

FromClause

Yes

CursorColumn

Yes

FilterCondition

Yes

CursorColumnDataType

Yes

Columns

Yes

BatchSize

No

Delay

No

databaseType

Yes

connectionString

Yes

Kafka Topic

topicName

Yes

bootstrapServers

Yes

Salesforce Platform Event

Name

Yes

InstanceAuthUrl

Yes

GrantType

Yes

ClientId

Yes

ClientSecret

Yes

UserName

Yes

Password

Yes

ApiVersion

No

Amazon SQS

deleteMessages

No

awsRegion

No

awsAccessKey

Yes

awsSecret

Yes

queueUrl

Yes

Cinchy has a new designed for retrieving secrets. By utilizing the endpoint provided below, you can specify the <base-url>, <secret-name>, and <domain-name> to retrieve the desired secret.

This endpoint functions seamlessly with Cinchy’s capability, along with Access Tokens obtained from your Identity Provider (IDP).

You can use secrets stored in the Cinchy Secrets table as for your data syncs, wherever you use a variable. For instance, you can incorporate them within a connection string, an access key ID, or within a REST Source or Destination in the Header.

API endpoint
API endpoint
Personal Access Token
variables
Image 1: Cinchy Secrets Table