You can configure instances of PingFederate's datastore plugins to retrieve datastore account passwords that are stored in an external secret management system (secret manager).
Before performing this task, you must:
- Install the CyberArk Credential Manager or another secret manager
- Integrate the secret manager with PingFederate
- Add the datastore passwords to the secret manager
- Configure an instance of PingFederate's secret manager plugin to access the secret manager
Instead of storing passwords for LDAP directories, JDBC databases, and REST API datastores in PingFederate, you can store them securely in a secret manager, which maintains passwords and other secrets. When PingFederate needs to access a datastore, it uses a reference code to request the password from the secret manager. Before that can happen, you must generate a reference code for the datastore password and add it to the datastore plugin instance.
To generate a reference code for a datastore password and add it to a datastore plugin instance: