Credential Stores

Data Collector pipeline stages communicate with external systems to read and write data. Many of these external systems require credentials - user names or passwords - to access the data. When you configure pipeline stages for these external systems, you define the credentials that the stage uses to connect to the system.

If you enter credential values directly in stage properties, you expose the credentials to any user with access to the pipeline. To access external systems without exposing the credentials, define credentials in a credential store and then use the Data Collector credential functions in the stage properties to retrieve those values.

Data Collector has a credential store API that integrates with the following credential store systems:
Important: Use the Java keystore credential store system in a development environment only. In a production environment, use a centralized keystore, such as Secrets Manager, CyberArk, Hashicorp Vault, or Azure Key Vault, to better secure credentials. A Java keystore credential storage system requires the distribution of a keystore file, which complicates security. Before using a Java keystore system, decide how the keystore will be distributed and consult with your IT security team to ensure that the system meets IT policies.

You can configure Data Collector to use multiple credential stores at the same time. Each credential store is identified by a unique ID.

Tip: When you define credentials in a credential store instead of directly in stage properties, you also make it easier to migrate pipelines to another environment. For example, if you migrate multiple pipelines from a development to a production environment, you do not need to edit each pipeline to define the correct credentials for the production environment. You can simply replace the development credentials store with the production version.