Secrets Management with HashiCorp
- HashiCorp Cloud Platform (HCP) Vault
- HashiCorp Enterprise Vault
- HashiCorp Open Source Vault
You can use multiple Vaults per Snaplex.
secrets-config.jsonrequires a new key
auth_methodwith a value
ldap. You must update each of your existing Snaplex node configuration files to include this key-value pair:
"auth_method": "approle",as prescribed in the Step 1a-Approle of configuring your Groundplex nodes.
- Only dynamic account types, those with expression-enabled fields, work with a secrets manager. If the account type you need is not dynamic, contact your CSM.
- To pick up changes to the secret-config.json file, you must restart the Snaplex node by restarting the JCC service.
If a user has access to the secrets, the secrets can be viewed in REST Snap previews and in responses.
- Set up a Vault to use approle or LDAP authentication.
- Configure Groundplex nodes.
- Configure dynamic SnapLogic accounts to connect to the HashiCorp Vault and to authenticate.
project_spacesetting to the secrets-config.json file when you configure your Groundplex.