Is there any way to pass in sensitive creds by calling an action like "Get Password" and passing it into an integration instance (rather than saving the credential directly in SOAR in an integration instance)?
Page 1 / 1
SOAR supports a vault
https://cloud.google.com/chronicle/docs/soar/respond/integrations-setup/working-with-an-external-vault-system
Edit: I don't know if you could 'build' one yourself. Any time you build data flows between Actions yourself they go to the case wall as Action params are not secrets (but Integration params are).
You could potentially build rapid key rotation in (though SOAR would hold the key for >0 seconds), but that would require some dev from yourself.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.