1. Overview

Prisma Cloud can be configured to retrieve secrets from your secrets store and inject them into the containers that need them. Prisma Cloud supports a variety of secrets stores:

  • AWS Systems Parameter Store

  • AWS Secrets Manager

  • Azure Key Vault

  • CyberArk Enterprise Password Vault

  • Hashicorp Vault

Prisma Cloud securely retrieves secrets from your designated secrets store and can inject them as either environment variables or files into the containers you designate. Prisma Cloud provides a granular rule-driven system for defining how and where secrets are injected. To protect your secrets, configure your rules restrictively, using the principle of least-privilege access. For more information about configuring Prisma Cloud to perform secrets injection, see this support article.