In today’s digital landscape, securing sensitive data, such as API keys, passwords, and encryption keys, is more critical than ever. HashiCorp Vault is a powerful secrets management tool designed to securely store and access secrets, ensuring that sensitive information is protected from unauthorized access.
Prerequisites
- Ensure HashiCorp Vault is installed
- Ensure you have StorageGuard version 9.2.7 and above installed
- Ensure you have the HashiCorp Vault Key/Value[KV] Secrets Engine secret path (URL)
Hashicorp Vault installation
Download the latest HashiCorp Vault version from the official Vault download page and use the installation tutorials mentioned there.
StorageGuard configuration
- Open and log in to the StorageGuard WebUi
- Open Settings > Scan > Authentication > Credentials
- Click the “Add new” button
- Under “Type” dropdown, choose “Hashicorp”
- Enter “Name” and the “Secret Path” value, e.g KV Secrets Engine v2 path: secret/data/my-app/db-creds
or KV Secrets Engine v1 path: secret/my-app/db-creds
Note: Enter the full Vault secret path to the credential StorageGuard should read, in the form <mount>/<key> (for KV Secrets Engine v2 use the logical path like kv/app/sg-creds, not kv/data/ or kv/metadata/)
- Click “Apply”
- When creating a new connectivity policy (Settings → Scan → Authentication → Policies), select the HashiCorp entry created in the previous steps from the “Credentials” field.
Note: A HashiCorp entry can be reused across multiple connectivity policies. Similarly, a connectivity policy can be applied to more than one asset (CI) or asset group
Comments
0 comments
Please sign in to leave a comment.