Set up a HashiCorp Vault using LDAP.
As you set up the HashiCorp Vault, collect the following information, which is required in the Snaplex node configuration file:
- Cluster URL
- LDAP Username
- LDAP Password
- Vault Namespace
- Create a Vault Cluster.
You need one private Cluster per Vault.
From this step, you will get the Cluster URL, which must be a private URL that establishes peer communication with your Groundplex nodes.
- Enable and configure LDAP authentication.
You must create a role for each Vault and then associate the role with one or more policies.
Note: The default path for a new LDAP authentication method in HashiCorp is ldap.
From this step, you will retrieve the username, password, and auth_path for the user.
- Create Vault policies.
To use an HCP Vault policy for Snaplex access, it must grant Read access to the Key/Value Secrets Engine.
Example 1: Snippet of an HCP Vault policy to grant read access to the Key/Value Secrets Engine.
# Allow a token to manage its cubbyhole
path "cubbyhole/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
# Allow a token to read from the kv secrets engine
path "kv/*" {
capabilities = ["read"]
}
- Create a Key/Value Secrets Engine.
- In the new Vault, create the secrets containing your endpoint credentials.
The SnapLogic accounts use the path and secret name.
- Determine or create the namespaces you need.
The Vault namespace depends on the HashiCorp product:
- In HashiCorp Cloud Platform (HCP):
  - Default: admin
  - The name of the namespace that you created.
- In HashiCorp Enterprise: the name of the namespace that you created.
- In HashiCorp Open Source: root.
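As an added example (not SnapLogic's or HashiCorp's own code), the following Python shows how the values collected above map onto Vault's HTTP API: an LDAP login at the auth_path, then a read of one Key/Value secret with the returned token, with the namespace sent as a header. The cluster URL, mount name and secret name are assumed placeholders, and the Key/Value engine is assumed to be version 2.

```python
import json
from urllib.parse import quote
from urllib.request import Request, urlopen

# Constructed placeholders; the real values come from the setup steps above.
CLUSTER_URL = "https://vault-cluster.private.example:8200"  # hypothetical private URL
NAMESPACE = "admin"   # HCP default; use your own namespace, or "root" on open source
AUTH_PATH = "ldap"    # default mount path of the LDAP auth method
KV_MOUNT = "kv"       # assumed KV version 2 mount, so secrets live under kv/data/<name>

def _headers(namespace, token=None):
    """Vault expects the namespace in a header; the root namespace needs none."""
    headers = {"Content-Type": "application/json"}
    if namespace and namespace != "root":
        headers["X-Vault-Namespace"] = namespace
    if token:
        headers["X-Vault-Token"] = token
    return headers

def ldap_login_request(username, password, cluster_url=CLUSTER_URL,
                       namespace=NAMESPACE, auth_path=AUTH_PATH):
    """Describe the POST that exchanges the LDAP credentials for a Vault token."""
    url = f"{cluster_url.rstrip('/')}/v1/auth/{auth_path.strip('/')}/login/{quote(username)}"
    return {"method": "POST", "url": url, "headers": _headers(namespace),
            "body": {"password": password}}

def token_from_login(response_text):
    """Extract the client token and the policies attached to it."""
    auth = json.loads(response_text)["auth"]
    return auth["client_token"], auth["policies"]

def kv_read_request(token, secret_name, cluster_url=CLUSTER_URL,
                    namespace=NAMESPACE, mount=KV_MOUNT):
    """Describe the GET for one secret; the read-only policy above is all it needs."""
    url = f"{cluster_url.rstrip('/')}/v1/{mount.strip('/')}/data/{secret_name.strip('/')}"
    return {"method": "GET", "url": url, "headers": _headers(namespace, token), "body": None}

def secret_from_read(response_text):
    """KV version 2 nests the stored key/value pairs under data.data."""
    return json.loads(response_text)["data"]["data"]

def send(req, timeout=10):
    """Run a request description against a live cluster (not exercised offline)."""
    data = None if req["body"] is None else json.dumps(req["body"]).encode()
    with urlopen(Request(req["url"], data=data, headers=req["headers"],
                         method=req["method"]), timeout=timeout) as resp:
        return resp.read().decode()
```

Because the LDAP token only carries the read policy, a failed write to kv/* from a Snaplex node shows up in the Vault audit log as a permission denied rather than a changed secret.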