%20(1)-x8Y.png)
External Configuration Providers
In the UI, when configuring an integration parameter, it is possible to input a placeholder that, on script runtime, will fetch the actual value, from an external source – usually a Credentials Vault Provider.
This is useful for:
- Dynamic changing credentials
- Organizations where the credentials are stored in a vault
For example:
Instead of
placing Static credentials
You can place
This will indicate to the siemplify system, to fetch the password param value from: a CyberarkVault provider (authenticate with pre-configured CyberArkVault integrations credentials), and fetch the value from the property “my_key” under “safe1”, “folder1”, “account1” and place it as the actual value of the Integration’s param “Password”
—-
PlaceHolder Format:
[x1:::x2:::x3:::x4…]
- The external credentials provider format is a list of parameters, separated by “:::” inside Brackets. (There could be any number of params, as needed by the specific provider.)
- The first param (ie x1) is the provider name:
- Indicates the name of the external provider. The external provider will implement the fetching of the external data. It must be a Siemplify Integration, ie: CyberArkVault. The name must match an installed Marketplace integration.
-
This integration must have a module, with a class, with a method called
“get_config_siemplify” with the following signature:
-
The name of the module + class, must be stated in file
“…\Bin\Scripting\PythonSDK\external_providers.json”
IE:
x2 to x4 and get_config_siemplify implementation:
- config_phrase = The original placeholder as inputted by the user, without the brackets or the first param (x1, aka external provider name), meaning “x2:::x3:::x4”. So in our case “safe1:::folder1:::acount1:::my_key”
- **kwargs = the current integration (of the external provider) configuration, as configured and saved in Siemplify (via the Marketplace UI)
- In this example code, you can see the kwargs are used to define a 3rd party wrapper called cls, by which the “get_account_by_name” is called with provided safe, folder, account_name needed in order to fetch the actual value. Then, the result is sanitized to password values, and finally, the value it self is returned.