Manage Cloud Identities
The metadata harvesting (model import) is performed by server (see MANAGE > Servers) that may use allowing secret / password parameters to be based on an external (Talend Data Catalog managed) cloud identity (on Amazon Web Services, Google Cloud, or Microsoft Azure) where the secret / password parameter can be:
- A secret identifier which is a URL to a cloud identity secret vault's actual secret (allowing for external storage of such secret / password in a cloud secret vault).
- Empty (no longer mandatory) and the authentication is based on the cloud identity on select bridges (such as Microsoft Azure Data Lake Storage, Microsoft Azure Blob Storage, and more to come).
Public clouds provide identity management and access control infrastructure that enable their customers to define one security principle that can access multiple services using secret-protected or temporary credentials.
For example, Azure allows you to define an identity for an application that can access your storage and database services. Talend Data Catalog can get temporary credentials, like access tokens, that can be used to access Azure services.
Public clouds support key vaults that help you to safeguard secrets used by cloud apps and services. Each secret has a unique URL.
Cloud bridges support the following authentication methods:
- Secret credentials
- Temporary credentials
- Cloud machine identity
- Cloud vault secret (sub-method of the cloud identities method)
The bridge decides what authentication method to use based on the presence of values of authentication parameters and logs the decision.