Secrets Management with HashiCorp

Overview

SnapLogic Secrets Management supports:
  • HashiCorp Cloud Platform (HCP) Vault
  • HashiCorp Enterprise Vault
  • HashiCorp Open Source Vault

You can use multiple Vaults per Snaplex.

Warning: With the support for LDAP authentication on your HashiCorp Vaults released, the secrets-config.json requires a new key auth_method with a value approle or ldap. You must update each of your existing Snaplex node configuration files to include this key-value pair: "auth_method": "approle", as prescribed in the Step 1a-Approle of configuring your Groundplex nodes.
Note:
  • Only accounts with expression-enabled authentication fields work with Secrets Management. Expression-enabled fields have an expression button, .
  • Restart each Groundplex node after creating or updating the secrets-config.json file.

The request Authorization header contains the secret. REST Snaps can preview a complete request. You might want to limit access to users who have permission to view secrets.

To configure HashiCorp Vault as your secrets manager in SnapLogic:
  1. Set up a Vault to use approle or LDAP authentication.
  2. Configure Groundplex nodes.
  3. Configure dynamic SnapLogic accounts to connect to the HashiCorp Vault and to authenticate.
Tip: You can restrict the use of secrets to accounts in a specific project space by adding the project_space setting to the secrets-config.json file when you configure your Groundplex.