Secrets Management with HashiCorp

SnapLogic Secrets Management supports HashiCorp Cloud Platform Vault, Enterprise Vault, and Open Source Vault.

SnapLogic Secrets Management supports HashiCorp with use of a Groundplex. You can use any of the following:
  • HashiCorp Cloud Platform (HCP) Vault
  • HashiCorp Enterprise Vault
  • HashiCorp Open Source Vault

You can have multiple vaults per Groundplex.

Warning: With support for LDAP authentication on HashiCorp Vaults, the secrets-config.json requires a key auth_method with a value approle or ldap. If you have an older configuration, you must update each of your existing Snaplex node configuration files to include this key-value pair: "auth_method": "approle", as prescribed in the Step 1a-Approle of configuring your Groundplex nodes.
Note:
  • Only accounts with expression-enabled authentication fields work with Secrets Management. Expression-enabled fields have an expression button, .
  • Restart each Groundplex node after creating or updating the secrets-config.json file.

The request Authorization header contains the secret. Because REST Snaps can preview a complete request, you might want to limit access to resources that use secrets.

To configure HashiCorp Vault as your secrets manager in SnapLogic:
  1. Set up a Vault to use approle or LDAP authentication.
  2. Configure Groundplex nodes.
  3. Configure dynamic SnapLogic accounts to connect to the HashiCorp Vault and to authenticate.
Tip: You can restrict the use of secrets to accounts in a specific project space by adding the project_space setting to the secrets-config.json file when you configure your Groundplex.