
Retain support for envvars for OCTI + connector secrets management #14560

@damians-filigran

Use case

Some organisations (primarily large banks) require all secrets, including API keys, database passwords, etc. to be stored in a recognised centralised secrets vault, such as HashiCorp or CyberArk. These have the capability to inject API keys or connector credentials as envvars at container launch.

This is how static secrets have been managed in the past, and are for CE, although in EE, secrets can now be stored in the database with AES256 encryption, and there are some discussions about deprecating support for credentials as envvar.

However, as storage in OpenCTI's database is not recognised as a standard pattern by bank compliance teams, the current method of supporting credentials and other values as envvars should be retained for such users, to retain these options for regulated environments.

Labels: needs triage
