Configure ESA Secrets In GCP Secret Manager

Audit Log Forwarder Function uses GCP Secret Manager to store ESA Audit Store credentials used during authentication.

For information on how to configure basic and certificate authentication for Audit Store on ESA refer to Audit Store Guide.

1. Log in to Google Account and select project where Protegrity service will be installed.

2. Go to Security > Secret Manager.

3. Select CREATE SECRET.

4. Specify the Secret Value:

   {
     "username": "admin", 
     "password": "{esa_password}"
   }
   

5. Select Create Secret.

6. Once the secret is created, you should see the secret screen opened. If not click on the secret name to see a screen with secret versions.

7. Click on Actions, next to the secret version you just created.

8. Select Copy Resource ID and record the full secret version path, for example, projects/{project-id}/secrets/{secret name}/versions/2.

   ESA Log Forwarder Credentials Secret Name: _________________

9. Create another secret with single-line contents of ESA client certificate key file

   See Certificate Authentication for details on client certificate key

10. Record the full secret version path, for example, projects/{project-id}/secrets/{secret name}/versions/1.

    ESA Log Forwarder Client Certificate Key Secret Name: _________________