Hornbill KeySafe provides secure, encrypted storage for various types of authentication credentials. Currently only BPM Integration Nodes make use of these credentials, but KeySafe provides the foundations for secure credential storage for future application or platform use. Currently, any user with the sys.c.manageKeysafe system right can view, create and update KeySafe credentials. Future iterations will have the notion of sharing credentials, so that only the creator or anyone with shared rights can access them.
Hornbill KeySafe can be accessed from Administration Tool -> System -> Security -> KeySafe.
Hornbill KeySafe supports a number of credential types, as shown in the screen grab below. Most services have their own type, like Twitter / Amazon / Google; however, there are some more generic types like HTTP Basic or APIKey.
Creating a Credential
There are two main types of credential. The first is for services based on OAuth 1 and OAuth 2, where you log in and authenticate the Hornbill App so that it has access to your account, and we store a token that authenticates us against that service. One example of this is Slack:
1. Once you have created a new Slack KeySafe credential you will see the Connect button.
2. Connecting will show a prompt from the Hornbill Slack Application asking for access.
3. Once authenticated, you then have the option to revoke access, which clears the credential from KeySafe.
The other type of credential is where you save the URL and/or authentication details. One example of this is Amazon:
The credential details are added to the relevant sections and stored encrypted in the KeySafe database.
Any errors that occur during authentication in KeySafe will be added to the com.hornbill.core_keysafe.log file, accessible from the Administration Tool.