Skip to Main Content
Integration


This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Status Not under consideration
Workspace App Connect
Created by Guest
Created on Jan 3, 2025

Hashicorp Vault integration for ACE mqsicredentials

We were excited to hear about IBM's acquisition of Hasicorp Vault and would like to see the Hasicorp Vault integration for ACE, particularly for storing mqsicredentials commands which produces an ACE Vault. We assume that the Hashicorp Vault would either be hosted privately on IBM Cloud/Azure or locally on a central Openshift cluster that we provision or in similar ways. We also assume then that the license for Hashicorp would naturally wont be needed for existing CP4I customers.

We are running ACE SC-2 release pods on CP4I on Openshift on Azure since a few years now and following is the background for our request.

- Today the mqsicredentials file with commands is > 35KB in size which prevents us from storing it in Azure Key Vault

- We tried to use Azure container blob, but the driver is unreliable and is supported only on Openshift ARO.

- So finally we really do not store the credentials anywhere except inside Openshift secrets which is a Single Point of Failure.

- With the above exception, everything else is synced from Azure Key Vault and works very well for us.

- Today we construct an ACE vault and then execute the mqsicredentials commands and create an Openshift secret holding the ACE Vault file ready to be mounted onto the ACE integration runtime pods, since this is a home grown solution, we have raised another RFE to address this in the future: https://ideas.ibm.com/ideas/CIP-I-321

Idea priority Urgent
  • Admin
    Ben Thompson
    Reply
    |
    Jan 27, 2025

    Thank you for taking the time to raise this enhancement request, which we are closing due to its similarity to an existing duplicate request APPC-I-1025. When considering the way in which we might exploit the new-to-IBM Hashicorp vault technology in the future, we will need to consider whether the vault is used as an alternative to OpenShift Secrets, and then credentials taken from there and loaded into specific ACE containers when started, or whether a better solution would be to dynamically reach out to a vault to gather a credential when required (and potentially also cache it in memory at that stage). Status of idea is moved to Not Under Consideration but duplicate is noted on APPC-I-1025.