Cloud integration using HashiCorp Vault

As an administrator, you can configure the HashiCorp Cloud integration in the Control Room.

Prerequisites

  • Ensure that you understand the key vault naming convention requirements before you integrate HashiCorp Vault. See External key vault naming conventions.
  • You must have the administrator role to configure these settings.
  • Ensure that you have configured the AppRole authentication and have the RoleID, SecretID, role name, and namespace values available. For more information, see HashiCorp Vault integration.

The following image shows HashiCorp Vault Cloud integration in the Control Room:

[Image: HashiCorp cloud deployment]

Procedure

  1. Navigate to Settings > External key vault.
  2. Select the HashiCorp Key Vault option.
  3. Enter the Vault URL (for example: https://<hostname1:port_num>).
    Note: To access the HashiCorp Vault APIs, the Control Room automatically appends the default secret engine path v1/secret/data to the Vault URL you enter (for example: https://<hostname1:port_num>/v1/secret/data). Ensure that the role with the given RoleID has at least read permission on this path and that all secrets are created in the secrets engine.
  4. Enter the Role ID.
  5. Enter the Role Name.
  6. Enter the Secret ID.
  7. Optional: Enter the Namespace.
  8. Optional: Enter the Server Certificate - PEM format.
  9. Click Save changes.
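
A pre-flight check for the values entered in steps 3 to 8, added here as an example and not part of the product documentation: it performs the AppRole login and then one read under v1/secret/data with the issued token. It assumes AppRole is enabled at the default `approle` mount and that the step 8 PEM file is the certificate the Vault TLS certificate chains to; the function names and environment variable names are hypothetical.

```python
import json
import ssl
import urllib.error
import urllib.request

SECRET_ENGINE_PATH = "v1/secret/data"   # path the Control Room appends (step 3 note)
LOGIN_PATH = "v1/auth/approle/login"    # assumption: AppRole enabled at the default mount

def secret_url(vault_url, secret_name):
    """URL that is read for one secret once the engine path is appended."""
    return f"{vault_url.rstrip('/')}/{SECRET_ENGINE_PATH}/{secret_name}"

def _call(opener, url, headers, body=None):
    # A JSON body makes this a POST (login); no body makes it a GET (secret read).
    data = json.dumps(body).encode() if body is not None else None
    with opener(urllib.request.Request(url, data=data, headers=headers)) as resp:
        return json.loads(resp.read())

def preflight(vault_url, role_id, secret_id, secret_name,
              namespace=None, server_cert_pem=None, opener=None):
    """Log in with RoleID/SecretID, then read one secret with the issued token.

    Returns policy names and secret key names only, never the token or values.
    """
    if opener is None:
        # Assumption: the step 8 PEM file is what the Vault TLS certificate chains to.
        ctx = ssl.create_default_context(cafile=server_cert_pem)
        opener = lambda req: urllib.request.urlopen(req, context=ctx, timeout=10)
    headers = {"X-Vault-Namespace": namespace} if namespace else {}
    result = {"login_ok": False, "read_ok": False, "policies": [], "keys": []}
    try:
        login = _call(opener, f"{vault_url.rstrip('/')}/{LOGIN_PATH}", headers,
                      {"role_id": role_id, "secret_id": secret_id})
        auth = login["auth"]
        result.update(login_ok=True, policies=auth["policies"])
        headers = {**headers, "X-Vault-Token": auth["client_token"]}
        secret = _call(opener, secret_url(vault_url, secret_name), headers)
        result.update(read_ok=True, keys=sorted(secret["data"]["data"]))
    except urllib.error.HTTPError as err:
        result["error"] = f"HTTP {err.code}"   # 403 on the read: policy lacks read on the path
    return result

if __name__ == "__main__":
    import os  # environment variable names are this example's own choice
    env = os.environ
    print(preflight(env["VAULT_URL"], env["ROLE_ID"], env["SECRET_ID"], env["SECRET_NAME"],
                    env.get("NAMESPACE"), env.get("SERVER_CERT_PEM")))
```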

Next steps

You can configure HashiCorp Vault for the following features:

You can verify or troubleshoot using the following information: