HashiCorp: Set up a Vault using LDAP

Overview

As you set up the HashiCorp Vault, collect the following information, which is required in the Snaplex node configuration file:
  • Cluster URL
  • LDAP Username
  • LDAP Password
  • Vault Namespace
  1. Create a Vault Cluster.
    You need one private Cluster per Vault.
    From this step, you will get the Cluster URL, which must be a private URL that establishes peer communication with your Groundplex nodes.
  2. Enable and configure LDAP authentication.
    You must create a role for each Vault and then associate the role with one or more policies.
    Note: The default path for a new LDAP authentication method in HashiCorp is ldap.
    From this step, you will retrieve the username, password, and auth_path for the user.
  3. Create Vault policies.

    To use an HCP Vault policy for Snaplex access, it must grant Read access to the Key/Value Secrets Engine.

    Example 1: Snippet of an HCP Vault policy to grant read access to the Key/Value Secrets Engine.

    # Allow a token to manage its cubbyhole
    path "cubbyhole/*" {
        capabilities = ["create", "read", "update", "delete", "list"]
    }
    # Allow a token to read its secret engine kv
    path "kv/*" {
        capabilities = ["read"]
    }
    
  4. Create a Key/Value Secrets Engine.
  5. In the new Vault, create the secrets containing your endpoint credentials.
    The SnapLogic accounts reference each secret by its path and secret name.
  6. Determine or create the namespaces you need.
    The Vault namespace depends on the HashiCorp product.
    • In HashiCorp Cloud Platform (HCP),
      • Default: admin
      • The name of the namespace that you created.
    • In HashiCorp Enterprise, the name of the namespace that you created.
    • In HashiCorp Open Source, root.
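The policy in step 3 is the one piece of this setup that decides what a Snaplex can actually reach once the LDAP login succeeds, so it is worth checking mechanically before it is applied. The following Python script is an added example, not SnapLogic or HashiCorp code: it parses the `path "..." { capabilities = [...] }` stanzas of a policy like Example 1, applies Vault's trailing-`*` prefix matching (a deliberately reduced form of Vault's rules, enough for the patterns on this page), and reports whether the policy grants `read` under the Key/Value mount and whether it also grants write-type capabilities the Snaplex does not need. The policy text and the `kv` mount name are constructed for the example; it also goes beyond the page by flagging an over-broad or `deny` rule.

```python
import re

# Constructed policy text mirroring Example 1 on this page (not taken from a live Vault).
POLICY_HCL = '''
# Allow a token to manage its cubbyhole
path "cubbyhole/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
}
# Allow a token to read its secret engine kv
path "kv/*" {
    capabilities = ["read"]
}
'''

# Capabilities that go beyond the read-only access a Snaplex needs on the KV mount.
WRITE_CAPS = {"create", "update", "delete", "patch", "sudo"}

_STANZA = re.compile(r'path\s+"(?P<path>[^"]+)"\s*\{(?P<body>.*?)\}', re.DOTALL)
_CAPS = re.compile(r'capabilities\s*=\s*\[(?P<list>[^\]]*)\]')


def parse_policy(hcl: str) -> dict:
    """Map each path pattern to its set of capabilities.

    Minimal parser for the stanza shape shown on this page (hypothetical
    helper, not a full HCL parser). '#' comments are stripped first.
    """
    no_comments = "\n".join(line.split("#", 1)[0] for line in hcl.splitlines())
    rules = {}
    for m in _STANZA.finditer(no_comments):
        caps = set()
        caps_m = _CAPS.search(m.group("body"))
        if caps_m:
            caps = {c.strip().strip('"') for c in caps_m.group("list").split(",") if c.strip()}
        rules[m.group("path")] = caps
    return rules


def path_matches(pattern: str, secret_path: str) -> bool:
    """A trailing '*' matches any suffix; otherwise the match is exact."""
    if pattern.endswith("*"):
        return secret_path.startswith(pattern[:-1])
    return secret_path == pattern


def capabilities_for(rules: dict, secret_path: str) -> set:
    """Capabilities that apply to one secret path: the most specific
    (longest) matching pattern wins; a 'deny' rule grants nothing."""
    matches = [p for p in rules if path_matches(p, secret_path)]
    if not matches:
        return set()
    caps = rules[max(matches, key=len)]
    return set() if "deny" in caps else caps


def check_snaplex_policy(hcl: str, kv_mount: str = "kv") -> dict:
    """Report whether the policy gives read access under the KV mount and
    whether it also hands out write-type capabilities there."""
    rules = parse_policy(hcl)
    caps = capabilities_for(rules, f"{kv_mount}/example-secret")
    return {
        "grants_read": "read" in caps,
        "extra_write_caps": sorted(caps & WRITE_CAPS),
    }


if __name__ == "__main__":
    print(check_snaplex_policy(POLICY_HCL))
```

Run it against the policy file before `vault policy write`; a result with `grants_read` false means the Snaplex login will succeed but every secret lookup will be refused, while a non-empty `extra_write_caps` list means the LDAP user can modify the secrets the Snaplex only needs to read.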