1. To-Increase Dynamics 365 for Finance & Operations
  2. Connectivity studio
  3. General

Set up secret references

You can create secret references to store secrets at a central place in Connectivity studio. Wherever you need a secret in Connectivity studio, you can use a secret reference.

Benefits of using secret references are:

  • One place to maintain secrets. For example, you can use a secret in several connectors. If the secret expires, you only update the secret reference instead of updating the secret separately for each applicable connector.
  • When you use a secret reference, the secret is not shown or visible where the secret is applied. The secret is also not visible when you export or import project configurations.

You can use secret references for:

  • Azure storage setup (Connectivity studio parameters)
  • Database connector
  • Azure file storage connector
  • File actions (Azure file storage connector)
  • Blob storage connector
  • SharePoint connector
  • Service Bus queue connector
  • Web service application (Project)
  • Web service action attributes

Note: You can only use secret references if the the Display secret field of the Connectivity studio parameters is set to 'Secret reference' or 'Both'.


Application Consultant Application Consultant Start Start Use secret references  from other environment? Use secret references  from other environment? Export secret references from another environment Export secret references from another environment You can export secret references from a D365 FO environment to be imported in another D365 FO environment. If you export a project, the secret references are not exported. If an export of the secret references is required, you can export the secret references separately. Usually, you only export and import secret references to a D365 FO environment of the same type. For example, you only export secret references from a Development environment to import these in another Development environment. Reason: You don't want to mix up data. For example, you don't want to mix up Test data with Production data. Procedure 1. Go to Connectivity studio > Setup > Secret > Secret reference. 2. In the list, find and select the desired secret references. 3. On the Action Pane, click General. 4. Click Export. 5. In the Download file field, type a value. 6. Select Yes in the Run in background field. 7. Enter a self-defined key to encrypt the secrets of the secret references in the export file. So, the secrets of the secret references are unreadable in the file. In the Encryption key field, type a value. Note: Inform the receiver of the file about the used encryption key. 8. Enter a self-defined secret to check if the right encryption key is used during import. On import, if the entered encryption key and secret do not match both the encryption key and secret in the file, the secret references are not imported. In the Encryption secret field, type a value. Note: - On export, the encryption secret is encrypted as well by the encryption key. - Inform the receiver of the file about the used encryption secret. 9. Click OK. 10. Sub-task: Download secret references export file. 11. Click Download transactions. 12. In the list, select the desired record. 13. Click Download. 14. Close the page. 15. Close the page. How to create  secret references? How to create  secret references? Create secret reference Create secret reference You can create secret references to store secrets at a central place in Connectivity studio. Wherever you need a secret in Connectivity studio, you can use a secret reference. Benefits of using secret references are: One place to maintain secrets. For example, you can use a secret in several connectors. If the secret expires, you only update the secret reference instead of updating the secret separately for each applicable connector. When you use a secret reference, the secret is not shown or visible where the secret is applied. The secret is also not visible when you export or import project configurations. Procedure 1. Go to Connectivity studio > Setup > Secret > Secret reference. 2. Sub-task: Create a manual secret reference. 3. Click New. 4. In the Secret reference field, type a value. 5. In the Description field, type a value. 6. In the Environment types field, select an option. 7. In the Expiring date field, enter a date. 8. In the Manual secret field, enter a self-defined secret or password. 9. Sub-task: Create a key vault secret reference. 10. Click New. 11. In the Secret reference field, type a value. 12. In the Description field, type a value. 13. In the Environment types field, select an option. 14. In the Expiring date field, enter a date. 15. Select or clear the Key Vault check box. 16. Expand the Key Vault section. 17. In the Name field, enter or select the desired key vault. 18. Sub-task: Create a certificate secret reference. 19. Click New. 20. In the Secret reference field, type a value. 21. In the Description field, type a value. 22. In the Environment types field, select an option. 23. In the Expiring date field, enter a date. 24. You can use a private key certificate as secret of a secret reference. Select or clear the Certificate check box. Note: In Connectivity studio, you can only use certificates for SFTP file actions on a Azure file storage connector. 25. Expand the Certificate section. 26. Click Upload private key certificate. 27. On the dialog, click Select private key file. Browse for and select the desired file. 28. Click OK. Notes You can encrypt the secrets of the secret references. To do so, set the Encryption key in the Connectivity studio parameters. Import secret references Import secret references You can import secret references that are exported from another D365 FO environment. If you import a project, the secret references are not included. If the related secret references are required, you can import the secret references separately. Usually, you only export and import secret references to a D365 FO environment of the same type. For example, you only export secret references from a Development environment to import these in another Development environment. Reason: You don't want to mix up data. For example, you don't want to mix up Test data with Production data. Procedure 1. Go to Connectivity studio > Setup > Secret > Secret reference. 2. On the Action Pane, click General. 3. Click Import. 4. Click Select configuration file to browse for and select the desired secret references export file. 5. Select Yes in the Run in background field. 6. In the Encryption key field, type a value. 7. In the Encryption secret field, type a value. 8. Click OK. 9. Close the page. Notes If the selected secret references file contains a secret reference that already exists, it is not imported. You can encrypt the secrets of the secret references. To do so, set the Encryption key in the Connectivity studio parameters. Upgrade secrets to the secret reference tables Upgrade secrets to the secret reference tables For each project, you can migrate from 'locally' stored secrets to centrally stored secrets. To do so, you can automatically collect the locally stored secrets and store these in the centrally stored secret references. During upgrade: All locally stored secrets of the project are collected. Note: Also, the Azure storage password from the Connectivity studio parameters is collected and upgraded. For each unique secret, a secret reference is created with an automatically generated name. So, no duplicate secret references are created. Note: A secret reference is unique for the secret and environment type combination. For each record with a 'local' secret, the secret is removed, and the newly created secret reference is linked to the record. Note: Usually, you only use this upgrade function once per project during migration from locally to centrally stored secrets. Procedure 1. Click Connectivity studio Integration Design. 2. In the Project field, enter or select a value. 3. Click Projects. 4. On the Action Pane, click Deploy. 5. Click Upgrade secrets to the Secret reference table. 6. Click Yes. 7. Close the page. Notes You can encrypt the secrets of the secret references. To do so, set the Encryption key in the Connectivity studio parameters. Show where a secret reference is used Show where a secret reference is used You can show the records where a secret reference is used. This can be helpful, for example, if you want to change a secret and you want to see which records are involved. Procedure 1. Go to Connectivity studio > Setup > Secret > Secret reference. 2. In the list, find and select the desired secret reference. 3. On the Action Pane, click General. 4. Click Where-used. 5. Close the page. 6. Close the page. Update secret reference name Update secret reference name You can change a secret reference name. this automatically updates the secret reference in all places where it is used. You can update a secret reference name, for example, after you upgraded from local secret storage to central secret storage. In this case, you can change the automatically created secret reference names. Procedure 1. Go to Connectivity studio > Setup > Secret > Secret reference. 2. In the list, find and select the desired secret reference. 3. On the Action Pane, click General. 4. Click Update secret reference name. 5. In the New secret reference name field, type a value. 6. Click OK. 7. Click Yes. 8. Close the page. Notes If you use project version management, and a project is checked in, the secret reference names are changed in the checked-in version. Be aware that you loose such a change if you get the latest project version. If you, after changing a secret reference name, check out and check in the project version, the change is saved in the checked-in project version. End End Yes No Manually By import From existing  secrets

Activities

Name Responsible Description

Export secret references from another environment

Application Consultant

You can export secret references from a D365 FO environment to be imported in another D365 FO environment.

If you export a project, the secret references are not exported. If an export of the secret references is required, you can export the secret references separately.

Usually, you only export and import secret references to a D365 FO environment of the same type. For example, you only export secret references from a Development environment to import these in another Development environment. Reason: You don't want to mix up data. For example, you don't want to mix up Test data with Production data.

Create secret reference

Application Consultant

You can create secret references to store secrets at a central place in Connectivity studio. Wherever you need a secret in Connectivity studio, you can use a secret reference.

Benefits of using secret references are:

  • One place to maintain secrets. For example, you can use a secret in several connectors. If the secret expires, you only update the secret reference instead of updating the secret separately for each applicable connector.
  • When you use a secret reference, the secret is not shown or visible where the secret is applied. The secret is also not visible when you export or import project configurations.

Import secret references

Application Consultant

You can import secret references that are exported from another D365 FO environment.

If you import a project, the secret references are not included. If the related secret references are required, you can import the secret references separately.

Usually, you only export and import secret references to a D365 FO environment of the same type. For example, you only export secret references from a Development environment to import these in another Development environment. Reason: You don't want to mix up data. For example, you don't want to mix up Test data with Production data.

Upgrade secrets to the secret reference tables

Application Consultant

For each project, you can migrate from 'locally' stored secrets to centrally stored secrets. To do so, you can automatically collect the locally stored secrets and store these in the centrally stored secret references.

During upgrade:

  • All locally stored secrets of the project are collected. Note: Also, the Azure storage password from the Connectivity studio parameters is collected and upgraded.
  • For each unique secret, a secret reference is created with an automatically generated name. So, no duplicate secret references are created. Note: A secret reference is unique for the secret and environment type combination.
  • For each record with a 'local' secret, the secret is removed, and the newly created secret reference is linked to the record.

Note: Usually, you only use this upgrade function once per project during migration from locally to centrally stored secrets.

Show where a secret reference is used

Application Consultant

You can show the records where a secret reference is used. This can be helpful, for example, if you want to change a secret and you want to see which records are involved.

Update secret reference name

Application Consultant

You can change a secret reference name. this automatically updates the secret reference in all places where it is used.

You can update a secret reference name, for example, after you upgraded from local secret storage to central secret storage. In this case, you can change the automatically created secret reference names.

Provide feedback