Vaults & Secrets
Vaults & Secrets Overview
Vaults & Secrets provide a centralized, secure location for managing the sensitive information required to operate and automate industrial systems. Within SDA, vaults store encrypted values—such as PLC passwords, service credentials, and API tokens—that are referenced by devices, projects, and operational workflows. All secrets are encrypted at rest and in transit, scoped to a tenant, and governed through SDA’s role-based access controls.
By separating sensitive credentials from devices and projects, Vaults & Secrets ensure that operations remain secure, auditable, and compliant with industrial security standards. The Secrets sub-page provides insight into secret usage and lifecycle management, while the broader Security Hub brings this information together with audit logs for complete traceability.
Vaults act as the primary containers for organizing sensitive information. A vault must be created before adding secrets, and each vault can contain one or many secrets. Because vaults enable logical separation of credentials, they are typically aligned with production areas, lines, or resource groups. This structure keeps credentials isolated and ensures that access can be granted with fine-grained control.
Secrets are the individual sensitive values stored within a vault. These may include PLC control passwords, FTP or SMB credentials, certificates, or other values used during backups, deployments, snapshots, and remote operations. Secrets can also be used in conjunction with Pipelines to rotate passwords on devices, ensuring credential hygiene and consistent security across your environment. Once created, secrets can be applied across devices, projects, and pipelines, making them centrally managed, reusable, and traceable.
Creating a Vault
To create a vault, go to https://app.eu1.sdaconsole.io/ and log in.
Go to "Security Hub" and click "Vaults"

Click "Add Vault"

Enter "Vault Name", "Description", "Resource Group", "Tags" and click "Create"

Your new vault is now created and appears in the vault table

Creating Secrets in a Vault
After successfully creating a vault, you can add multiple secrets to it and then link them to the objects that need them, such as projects or devices.
Open the vault to which you want to add your secret by clicking on it

Click "Add Secret" and enter the required information, such as "Secret Name" and "Secret Type", plus the further details that depend on the user type, such as username and password

The newly created Secret is displayed in the secret table

After successfully creating the secret, you can add it to the object that needs it, as shown here, where it was assigned as the credentials for a Simatic Manager project
