Releases
Select Guide ▼
Compute Edition 20.09 (Self-Hosted)
Enterprise Edition (SaaS)
Reference Architecture
Operationalize Guide
Troubleshooting
Historical Documentation
Integrations
Palo Alto Networks Tech Docs
Toggle nav
Docs
Prisma Cloud Compute Edition 20.09 (Self-Hosted)
Secrets
Secrets stores
Secrets stores
Edit on GitHub
Search
Welcome
Welcome
Releases
Getting started
Product architecture
Support lifecycle
Licensing
Prisma Cloud Enterprise Edition vs Compute Edition
Utilities and plugins
Install
Install
Getting started
System requirements
Prisma Cloud container images
Onebox
Kubernetes
OpenShift 4
OpenShift 3.11
VMware Tanzu Kubernetes Grid
Docker Swarm
Amazon ECS
DC/OS
Windows
Defender types
Install Defender
Install Defender
Single Container Defender
Cluster Container Defender
App Embedded Defender
App Embedded Defender for Fargate
Defender for VMWare Tanzu TAS
Serverless Defender (auto-protect)
Serverless Defender
Serverless Defender (Lambda layer)
Host Defender
Deploy Defender from GCP Marketplace
Decommission single Container Defender
Upgrade
Upgrade
Upgrade process
Onebox
Kubernetes
OpenShift
Helm charts
Docker Swarm
Amazon ECS
Manually upgrade single Container Defenders
Manually upgrade Defender DaemonSets
Manually upgrade Defender DaemonSets (Helm)
Manually upgrade Swarm Defender global service
Technology overviews
Technology overviews
Prisma Cloud Advanced Threat Protection
App-specific network intelligence
Container runtimes
Radar
Serverless Radar
Prisma Cloud rules guide for Docker
Defender architecture
Telemetry
Configure
Configure
Rule ordering and pattern matching
Disaster recovery
Custom feeds
Proxy configuration
Custom certs for Console access
Configure scan intervals
User certificate validity period
Enable HTTP access to Console
Set different paths for Console and Defender (with daemon sets)
Authenticate to Console with certificates
Customize terminal output
Collections
Tags
Logon Settings
Reconfigure Prisma Cloud
Subject Alternative Names
Credentials store
Authentication
Authentication
Log into Console
Active Directory
OpenLDAP
OpenID Connect
Okta (SAML 2.0)
Google G Suite (SAML 2.0)
Azure Active Directory (SAML 2.0)
PingFederate (SAML 2.0)
Active Directory Federation Services (SAML 2.0)
GitHub (OAuth 2.0)
OpenShift (OAuth 2.0)
Active Directory Non-default UPN suffixes
Compute user roles
Assign roles
Use custom certificates for authorization
Credentials store
Vulnerability management
Vulnerability management
Vulnerability Explorer
Vulnerability management rules
Search CVEs
Scan reports
Customize image scanning
Registry scanning
Configuring registry scans
Registry scanning
Alibaba Cloud Container Registry
Amazon EC2 Container Registry
Azure Container Registry
Docker Registry v2 (includes Docker Hub)
Google Container Registry
Harbor
IBM Cloud Container Registry
JFrog Artifactory Docker Registry
OpenShift integrated Docker registry
Webhooks
VM image scanning
Code repository scanning
Malware scanning
Risk trees
Detect vulnerabilities in unpackaged software
CVSS scoring
Google Cloud Container Builder
Windows image scanning
Serverless function scanning
VMWare Tanzu blobstore scanning
Compliance
Compliance
Compliance Explorer
Manage compliance
CIS Benchmarks
Prisma Cloud compliance checks
Serverless functions
Windows compliance checks
Custom compliance checks
Extensible compliance checks
Trusted images
Host scanning
VM image scanning
Detect secrets
Cloud discovery
Runtime defense
Runtime defense
Runtime defense overview
Runtime defense for processes
Runtime defense for networking
Runtime defense for file systems
Runtime defense for hosts
Custom runtime rules
Blocked containers
Import and export individual rules
Discrete blocking
Fargate
Incident Explorer
Incident types
Incident types
Backdoor admin accounts
Backdoor SSH access
Brute force
Crypto miners
Data exfiltration
Hijacked processes
Kubernetes attack
Lateral movement
Port scanning
Service violation
Access control
Access control
Docker role-based access control
Open Policy Agent
Continuous integration
Continuous integration
Jenkins plugin
Jenkins Freestyle project
Jenkins Maven project
Jenkins Pipeline project
Run Jenkins in a container
Jenkins pipeline on K8S
CloudBees Core pipeline on K8S
Set policy in the CI plugins
Firewalls
Firewalls
Web-Application and API Security (WAAS)
Deployment Guide for Web-Application and API Security (WAAS)
Cloud Native Network Firewall (CNNF)
Secrets
Secrets
Secrets manager
Integrate with a secrets store
Secrets stores
Secrets stores
AWS Secrets Manager
AWS Systems Manager Parameters Store
Azure Key Vault
CyberArk Enterprise Password Vault
HashiCorp Vault
Inject secrets into containers
Injecting secrets example
Alerts
Alerts
Alert mechanism
AWS Security Hub
Cortex XSOAR
Email
Google Cloud Pub/Sub
Google Cloud SCC
IBM Cloud Security Advisor
JIRA
PagerDuty
ServiceNow Security Incident Response
ServiceNow Vulnerability Response
Slack
Webhook
Audit
Audit
Event viewer
Host activity
Admin activity
Annotate audits
Delete audit logs
Syslog and stdout integration
Log rotation
Throttling
Prometheus
Kubernetes auditing
Tools
Tools
twistcli
Scan images with twistcli
Install Console with twistcli
Update offline environments
Deployment patterns
Deployment patterns
Projects
Migration options for scale projects
DNS and certificate management
Caps
Migrate to SaaS Console
Performance planning
API
API
Stability guide
Access the API
Set up fresh Console
Automate Defender install
Manage compliance policies
20.09 porting guide
How-to guides
Howto
Configure an ECS load balancer
Use Nginx Ingress Controller
Configure the load balancer type for AWS EKS
Deploy Defenders External to an OpenShift cluster
Configure Console's listening ports
Provision tenant projects OpenShift
Setting up Istio
Disable automatic learning
Rolling Defender upgrades
Review debug logs
Secrets stores
1. Overview
1. Overview
Integrate Prisma Cloud with the supported secrets management stores.