
Overview

Learn how to manage and configure third-party app connections with Hanzo KMS.

App Connections enable you to integrate your Hanzo KMS projects with third-party services in a secure and versatile way.

App Connections can now also be created and managed independently within individual projects.

Concept

An App Connection establishes a connection to a third-party application once, and that connection can then be reused across multiple features. Example use cases include syncing secrets, rotating credentials, scanning repositories for secret leaks, and more.


%%{init: {'flowchart': {'curve': 'linear'} } }%%
graph TD
A[AWS]
B[AWS Connection]
C[Project 1 Secret Sync]
D[Project 2 Secret Sync]
E[Project 3 Generate Dynamic Secret]

B --> A
C --> B
D --> B
E --> B

classDef default fill:#ffffff,stroke:#666,stroke-width:2px,rx:10px,color:black
classDef aws fill:#FFF2B2,stroke:#E6C34A,stroke-width:2px,color:black,rx:15px
classDef project fill:#E6F4FF,stroke:#0096D6,stroke-width:2px,color:black,rx:15px
classDef connection fill:#F4FFE6,stroke:#96D600,stroke-width:2px,color:black,rx:15px

class A aws
class B connection
class C,D,E project

Workflow

App Connections require initial setup in both your third-party application and Hanzo KMS. Follow these steps to establish a secure connection:

For step-by-step guides specific to each application, refer to the App Connections section in the sidebar.

  1. Create Access Entity: If necessary, create an entity such as a service account or role within the third-party application you want to connect to. Be sure to limit the access of this entity to the minimal permission set required to perform the operations you need. For example:
    • For secret syncing: Read/write permissions to specific secret stores
    • For dynamic secrets: Permissions to create temporary credentials

Whenever possible, Hanzo KMS encourages creating a designated service account for your App Connection to limit the scope of permissions based on your use case.

  2. Generate Authentication Credentials: Obtain the required credentials from your third-party application. These vary between applications and might be:
    • An API key or access token
    • A client ID and secret pair
    • Other credentials
  3. Create App Connection: Configure the connection in Hanzo KMS using your generated credentials through either the UI or API.

Some App Connections, such as connections using OAuth, can only be created via the UI.

  4. Utilize the Connection: Use your App Connection for various features across Hanzo KMS, such as our Secrets Sync, by selecting it via the dropdown menu in the UI or by passing the associated connectionId when generating resources via the API.

Platform Managed Credentials

Some App Connections support the ability to have their credentials managed by Hanzo KMS. By enabling this option, Hanzo KMS will modify the credentials to prevent external use of the configured access entity.
