The Hashicorp Vault plugin will allow you to interact with the Vault server to set and get credentials.
This plugin requires Clarive 7.8 or greater.
To install the plugin, place the cla-vault-plugin
folder inside the
$CLARIVE_BASE/plugins
directory in a Clarive instance.
-
Setup at least one Vault Endpoint resource. This is the Vault server Clarive will interact with.
-
Use the Vault Set or Vault Get credentials ops in any desired rule (a job, form, independent, webservice or event trigger).
This configuration item holds the URL and token or credentials to access a given Vault server endpoint.
The various parameters are:
- Vault Server URL - the server endpoint URL, ie.
https://[VAULTIP]:8200
- Token login - check this if you are using a token to login to the server. If unchecked, it will use username/password to login (not recommended).
- Authentication token - the Vault token to use for login, if Token login was selected.
- Username/Password - Vault server user and password in case basic authentication is being used.
This rule op let's you set a vault key-value pair in a Vault namespace (path).
Fields:
- Endpoint (required) - the Vault endpoint resource configured earlier.
- Namespace Path (required) - a path to the secret in Vault. Ie.
/mypath/mysubpath
- Secret Key (required) - the name of the key to retrieve. If set, the data returned to the rule
- Secret Value - value to be set in the key.
- Error handling - If
Fail
is set, the op will throw an error when something goes wrong. IfReturn error and continue
, if Vault errors, the error message will be returned into the rule variable, and no error will be thrown.
- Endpoint (required) - the Vault endpoint resource configured earlier.
- Namespace Path (required) - a path to the secret in Vault. Ie.
/mypath/mysubpath
- Secret Key (optional) - the name of the key to retrieve. If set, the data returned to the rule will be all the keys-values in the secret in Vault.
- Error handling - If
Fail
is set, the op will throw an error when something goes wrong. IfReturn error and continue
, if Vault errors, the error message will be returned into the rule variable, and no error will be thrown.
Feel free to join Clarive Community to resolve any of your doubts.