Skip to content
Katalogue Docs

Password Managers

It is possible to fetch passwords for Connections from password managers instead of storing them locally in Katalogue. This enables a more centralized and secure password management.

Currently, Azure Key Vault is the only supported password manager and it is only possible to integrate with one Key Vault per Katalogue instance.

Using the Azure Key Vault integration

Section titled “Using the Azure Key Vault integration”
  1. Configure the key vault in Azure and add it to Katalogue as described below.
  2. Create a new or edit an existing connection to a datasource that requires a password.
  3. Go to the Connection tab in the Add/Edit Connection dialog.
  4. An option to select password source will now be available. Select Azure Key Vault.
  5. Enter the name of the secret in the Azure Key Vault.
  6. Test the connection to verify that it works.
  7. Save the connection.

Configuration

Section titled “Configuration”

The Azure Key Vault integration must be setup both on the Azure side and Katalogue side.

Note that the Azure Key Vault integration requires Katalogue to be configured to use Azure OpenID Connect authentication to setup Azure Key Vault integration.

Azure Key Vault Configuration

Section titled “Azure Key Vault Configuration”

  1. Create an Azure Key Vault

    • Go to the Azure Portal.
    • Search for “Key Vault” and select Key Vaults.
    • Click Create and provide the required details.
    • Once created, navigate to your Key Vault instance.

  2. Store a Secret in the Key Vault

    • Navigate to your Key Vault instance in the Azure Portal.
    • Under the Secrets menu, click Generate/Import.
    • Enter a Name and Value for your secret.
    • Save the secret.

  3. Create a Microsoft Entra ID App Registration (this step should already have been done during the Azure OpenID Connect setup)

  • Go to the Microsoft Entra ID service in the Azure Portal.

  • Under App registrations, click New registration:

    • Name: Provide a name for your application (e.g., “MyKeyVaultApp”).
    • Supported account types: Select based on your requirements (e.g., “Single tenant”).
    • Redirect URI: Leave this blank for now.
    • Click Register.

  • After registering the app:

    • Copy the Application (client) ID and Directory (tenant) ID. These will be used in your app.
    • Under Certificates & secrets, click New client secret:
      • Provide a description and expiration period.
      • Copy the generated client secret. (You will not be able to see it again, so save it securely.)

  1. Assign Permissions in Key Vault

    • Go back to your Key Vault instance in the Azure Portal.
    • Under the Access policies section:
      • Click + Add Access Policy.
      • Set the following:
        • Secret permissions: Get, List.
      • Under Select principal, search for the Microsoft Entra ID app registration you created earlier and select it.
      • Click Add and then Save.

Katalogue Configuration

Section titled “Katalogue Configuration”
  1. Go to Settings -> Password Managers and click “Enable Azure Key Vault”
  2. Enter the name of the Azure Key Vault.
  3. Click Save to save the settings.