IBM Cloud Pak® for Data is a modular set of integrated software components for data analysis, organization and management. It is available for self-hosting, or as a managed service on IBM Cloud.

HashiCorp Vault is an identity-based secrets and encryption management system that is used to manage and protect access to sensitive data. By leveraging Vault, our customers will have centralized and encrypted secret storage, secret rotation policy, with comprehensive auditing, rich access control lists, support for multiple authentication methods across different cloud vendors and dynamic tracking.

Cloud Pak for Data facilitates the integration with external vaults, like HashiCorp, where users can store sensitive data as secrets. This feature enables users to utilize these secrets when establishing connections within Cloud Pak for Data, eliminating the need to manually input credentials.

In the following article, we will discuss the steps to integrate Cloud Pak for Data with HashiCorp vault, and use the secrets to connect to a Db2 warehouse instance deployed on Cloud Pak for Data platform.

1. Store your db2 warehouse secrets in HashiCorp Vault by following these steps to create a secret within HashiCorp Vault. After creating the secret, copy the API path for the secret, which will be utilized for importing the secrets into Cloud Pak for Data.

 2. Integrate your Cloud Pak for Data instance with Hashicorp vault and import the required secrets, the steps are as shown following

3. Finally, create a new platform connection to your Db2 warehouse instance by importing the credentials from your vault

Conclusion - Our HashiCorp Vault has been seamlessly integrated with the Cloud Pak for Data instance, and platform connections have been established by securely retrieving secrets from the vault. The management of credentials is now centralized, ensuring that end users can access necessary information without directly handling sensitive data.