Cloud integration using HashiCorp Vault

As an administrator, you can configure the HashiCorp Cloud integration in the Control Room.

Prerequisites

  • Ensure that you understand the key vault naming convention requirements before you integrate HashiCorp Vault. See External key vault naming conventions.
  • You must have the administrator role to configure these settings.
  • Ensure that you have configured the AppRole authentication and have the RoleID, SecretID, role name, and namespace values available. For more information, see HashiCorp Vault integration.

The following image shows the HashiCorp Vault Cloud integration in the Control Room:

Image: HashiCorp cloud deployment

Procedure

  1. Navigate to Settings > External key vault.
  2. Select the HashiCorp Key Vault option.
  3. Enter the Vault URL (for example: https://<hostname1:port_num>).
  4. Enter the Role ID.
    Ensure that the role with the given RoleID has at least read permission on the secrets engine path and on every secret created in that secrets engine.
  5. Enter the Role Name.
  6. Enter the Secret ID.
  7. Enter the Secrets Engine Path. Ensure that you enter the complete path of the secrets engine:
    • Use the default secrets engine path v1/secret/data, in which case the Control Room automatically appends the secrets engine path to the Vault URL you entered (for example: https://<hostname1:port_num>/v1/secret/data).
    • Alternatively, configure your own secrets engine path using the format v1/<custom-kv-engine>/data.
  8. Optional: Enter the Namespace.
  9. Optional: Enter the Server Certificate - PEM format.
  10. Click Save changes.
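As an added example (not Automation Anywhere's or HashiCorp's own code), the following script performs the same AppRole login and KV v2 secret read that the Control Room performs with these settings, so you can confirm the Role ID, Secret ID, secrets engine path, and namespace before saving. It assumes AppRole authentication is mounted at the default auth/approle path; the host, RoleID, SecretID, and secret name are placeholders.

```python
"""Log in with an AppRole and read one KV v2 secret at the Control Room's path
convention: <Vault URL>/<secrets engine path>/<secret name>.
Assumes AppRole auth is mounted at the default auth/approle path."""
import json
import urllib.request
from typing import Optional


def secret_url(vault_url: str, engine_path: str, secret_name: str) -> str:
    """Join the Vault URL, the engine path (e.g. v1/secret/data) and the secret name."""
    return f"{vault_url.rstrip('/')}/{engine_path.strip('/')}/{secret_name.strip('/')}"


def approle_login_body(role_id: str, secret_id: str) -> bytes:
    """JSON body for POST <Vault URL>/v1/auth/approle/login."""
    return json.dumps({"role_id": role_id, "secret_id": secret_id}).encode()


def vault_headers(token: Optional[str] = None, namespace: Optional[str] = None) -> dict:
    """The token and the (Vault Enterprise) namespace travel in headers, not in the URL."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["X-Vault-Token"] = token
    if namespace:
        headers["X-Vault-Namespace"] = namespace
    return headers


def kv2_secret_values(response: dict) -> dict:
    """KV v2 nests the key/value pairs under data.data; data.metadata holds version info."""
    return response["data"]["data"]


def read_secret(vault_url, role_id, secret_id, engine_path, secret_name, namespace=None):
    """Log in, then read the secret. An HTTP 403 on the read usually means the role's
    policy lacks read permission on this secrets engine path."""
    login = urllib.request.Request(
        f"{vault_url.rstrip('/')}/v1/auth/approle/login",
        data=approle_login_body(role_id, secret_id),
        headers=vault_headers(namespace=namespace), method="POST")
    with urllib.request.urlopen(login) as resp:
        token = json.load(resp)["auth"]["client_token"]
    read = urllib.request.Request(secret_url(vault_url, engine_path, secret_name),
                                  headers=vault_headers(token, namespace))
    with urllib.request.urlopen(read) as resp:
        return kv2_secret_values(json.load(resp))


if __name__ == "__main__":
    # Placeholder values: replace with your Vault URL, RoleID, SecretID and a secret name.
    print(read_secret("https://<hostname1:port_num>", "<role-id>", "<secret-id>",
                      "v1/secret/data", "<secret-name>", namespace=None))
```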

Next steps

You can configure HashiCorp Vault for the following features:

You can verify or troubleshoot using the following information: