Secrets Management with HashiCorp

Overview

SnapLogic Secrets Management supports:
  • HashiCorp Cloud Platform (HCP) Vault
  • HashiCorp Enterprise Vault
  • HashiCorp Open Source Vault

You can use multiple Vaults per Snaplex.

Warning: With the support for LDAP authentication on your HashiCorp Vaults released, the secrets-config.json requires a new key auth_method with a value approle or ldap. You must update each of your existing Snaplex node configuration files to include this key-value pair: "auth_method": "approle", as prescribed in the Step 1a-Approle of configuring your Groundplex nodes.
Note:
  • Only dynamic account types, those with expression-enabled fields, work with a secrets manager. If the account type you need is not dynamic, contact your CSM.
  • To pick up changes to the secret-config.json file, you must restart the Snaplex node by restarting the JCC service.

If a user has access to the secrets, the secrets can be viewed in REST Snap previews and in responses.

To configure HashiCorp Vault as your secrets manager in SnapLogic:
  1. Set up a Vault to use approle or LDAP authentication.
  2. Configure Groundplex nodes.
  3. Configure dynamic SnapLogic accounts to connect to the HashiCorp Vault and to authenticate.
Tip: You can restrict the use of secrets to accounts in a specific project space by adding the project_space setting to the secrets-config.json file when you configure your Groundplex.