Secrets Management with HashiCorp
Overview
SnapLogic Secrets Management supports:
- HashiCorp Cloud Platform (HCP) Vault
- HashiCorp Enterprise Vault
- HashiCorp Open Source Vault
You can use multiple Vaults per Snaplex.
Warning: With the support for LDAP authentication on
your HashiCorp Vaults released, the
secrets-config.json
requires a new key
auth_method
with a value approle
or ldap
. You
must update each of your existing Snaplex node configuration files to include this key-value pair:
"auth_method": "approle",
as prescribed in the Step 1a-Approle of configuring your Groundplex nodes. Note:
- Only accounts with expression-enabled authentication fields work with Secrets Management. Expression-enabled fields have an expression button, .
- Restart each Groundplex node after creating or updating the secrets-config.json file.
If a user has access to the secrets, the secrets can be viewed in REST Snap previews and in responses.
To configure HashiCorp Vault as your secrets manager in SnapLogic:
- Set up a Vault to use approle or LDAP authentication.
- Configure Groundplex nodes.
- Configure dynamic SnapLogic accounts to connect to the HashiCorp Vault and to authenticate.
Tip: You can restrict the use of secrets to
accounts in a specific project space by adding the
project_space
setting to the
secrets-config.json file when you configure your Groundplex.