Skip to main content

Integrate External Secret Stores with Torq for Enhanced Security

Integrate Torq with your key management service to manage secrets for third-party vendor integrations securely and independently.

External secret stores let your organization use secrets, API keys, passwords, and other credentials, in Torq integrations without storing sensitive data in Torq itself. This keeps your team in full control of secret management, including rotation and revocation.

Supported secret stores:

  • HashiCorp Vault

  • AWS SSM Parameter Store

  • Azure Key Vault

Contact your support representative if you use a different secret management service.

How to use

Set up an external secret store

  1. Add the integration: Go to Integrations > Secret Management, select your secret store, and click Add Instance.

  2. Configure the integration: Enter a meaningful name and fill in the required fields.

  3. Enable as secret store: Check Use this integration as a secret store for my account and click Add.

For AWS integrations, ensure the IAM role has GetParameter permission.

Edit an external secret store integration

  1. Find the integration: Go to Integrations > Secret Management and locate the integration in the list.

  2. Open settings: Click the three-dot menu (...) next to the integration and select Edit.

  3. Update and save: Make your changes and click Save.

Connect a third-party integration to a secret store

  1. Select the integration: Go to Integrations, find the third-party vendor, and click Add.

  2. Configure secret fields: For each sensitive field, use the dropdown to select whether the value comes from an external secret store or Torq's local secret store.

  3. Provide the secret path: Enter the path to the secret value using the format for your secret store (see below), and click Add.

Secret path formats

HashiCorp Vault

  1. Get the secret path: In HashiCorp Vault, go to Secrets to view available engine paths.

    For example, for the secret below, use secret/test/webapp/api_key to get the secret value in Torq.

  2. Use the secret: In the Torq integration form, use the secret value in integration fields that require sensitive information.

AWS SSM Parameter Store

  1. Enter the path: Provide the region and parameter name in the format <region>/<parameter name>.

    For example, for the parameter /A/A below, use us-east-1/A/A to get the secret value in Torq.

    get the AWS SSM region
  2. Use the secret: In the Torq integration form, use the secret value in integration fields that require sensitive information.

Azure Key Vault

  1. Get the secret name: In Azure Key Vault, go to Secrets to view available secret names.

  2. Enter the name: Provide the secret name exactly as listed, for example: my-secret.

  3. Use the secret: In the Torq integration form, paste the name into any field that requires sensitive information.

Go to Secrets in Azure Key Vault to get the name of the secret

Did this answer your question?