Secrets Management with HashiCorp
Overview
SnapLogic Secrets Management supports:
- HashiCorp Cloud Platform (HCP) Vault
- HashiCorp Enterprise Vault
- HashiCorp Open Source Vault
You can use multiple Vaults per Snaplex.
Warning:
Now that LDAP authentication is supported for HashiCorp Vaults, the secrets-config.json file requires a new key, auth_method, with a value of approle or ldap.
You must update each of your existing Snaplex node configuration files to include this key-value pair: "auth_method": "approle", as prescribed in Step 1a-Approle of configuring your Groundplex nodes.
Note:
- Only dynamic account types, those with expression-enabled fields, work with a secrets manager. If the account type you need is not dynamic, contact your CSM.
- To pick up changes to the secrets-config.json file, you must restart the Snaplex node by restarting the JCC service.
If a user has access to the secrets, the secrets can be viewed in REST Snap previews and in responses.
To configure HashiCorp Vault as your secrets manager in SnapLogic:
- Set up a Vault to use approle or LDAP authentication.
- Configure Groundplex nodes.
- Configure dynamic SnapLogic accounts to connect to the HashiCorp Vault and to authenticate.
Tip: You can restrict the use of secrets to accounts in a specific project space by adding the project_space setting to the secrets-config.json file when you configure your Groundplex.