Secret injection
1. Overview
Prisma Cloud can be configured to retrieve secrets from your secrets store and inject them into the containers that need them. Prisma Cloud supports a variety of secrets stores:
- AWS Systems Parameter Store
- AWS Secrets Manager
- Azure Key Vault
- CyberArk Enterprise Password Vault
- HashiCorp Vault
Prisma Cloud securely retrieves secrets from your designated secrets store and can inject them as either environment variables or files into the containers you designate. Prisma Cloud provides a granular rule-driven system for defining how and where secrets are injected. To protect your secrets, configure your rules restrictively, using the principle of least-privilege access. For more information about configuring Prisma Cloud to perform secrets injection, see this support article.