Account storage
Administrators can configure account storage for the system and store asset account credentials in an external system. The following account storage types are currently supported:
- HashiCorp Vault
- Microsoft Azure Key Vault
- Amazon Web Services Secrets Manager
For security reasons, account storage can currently only be configured in the service configuration file (config.txt), and the JumpServer service must be restarted after configuration.
Enable account storage
Using HashiCorp Vault
Please refer to and modify the following configuration:
Using Microsoft Azure Key Vault
Please refer to and modify the following configuration:
- VAULT_ENABLED
- VAULT_BACKEND
- VAULT_AZURE_HOST
- VAULT_AZURE_CLIENT_ID
- VAULT_AZURE_CLIENT_SECRET
- VAULT_AZURE_TENANT_ID
Using Amazon Web Services Secrets Manager
Please refer to and modify the following configuration:
- VAULT_ENABLED
- VAULT_BACKEND
- VAULT_AWS_REGION_NAME
- VAULT_AWS_ACCESS_KEY_ID
- VAULT_AWS_ACCESS_SECRET_KEY
Set the maximum number of account secret records
Administrators can set the maximum number of account secret records stored in the external vault system to avoid excessive storage usage.
In the right area of the top navigation bar, click .
In the left menu, click Features.
On the right page, click Account storage tab.
In the Record limit field, type the maximum number of account secret records to be stored in the external vault system.
Click Submit.
Synchronize account secrets to external vault
After enabling account storage, administrators need to manually sync existing account secrets stored in JumpServer's local database to the external vault system.
In the right area of the top navigation bar, click .
In the left menu, click Features.
On the right page, click Account storage tab.
Click Sync.
Account credentials can only be synchronized from the local database to the external account storage, reverse synchronization is not supported.