HashiCorp Vault
This document provides the necessary information to install, configure, and integrate HashiCorp Vault with the CipherTrust Manager.
A modern system requires access to a multitude of secrets: database credentials, API keys for external services, credentials for service-oriented architecture communication, and so on. Understanding who is accessing what secrets is already very difficult and platform-specific. Adding on key rolling, secure storage, and detailed audit logs is almost impossible without a custom solution.
HashiCorp Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. HashiCorp Vault provides a unified interface to any secret while providing tight access control and recording a detailed audit log.
Supported Product Versions
CipherTrust Manager
- CipherTrust Manager 2.0 and higher
SafeNet ProtectApp PKCS#11 Provider
- SafeNet ProtectApp PKCS#11 Provider 8.3.2 and higher
HashiCorp Vault
- HashiCorp Vault 1.0.2 and higher
This integration is validated on Red Hat Enterprise Linux Server 64-bit.
Prerequisites
Ensure that HashiCorp Vault is installed and configured properly. Refer to the HashiCorp Vault documentation for details.
Ensure that the CipherTrust Manager is installed and configured. Refer to the CipherTrust Manager documentation for details.
HashiCorp Vault communicates with the CipherTrust Manager using the Network Attached Encryption (NAE) Interface. Ensure that the NAE interface is configured. Refer to the CipherTrust Manager documentation for details.
Ensure that the port configured on the NAE interface is accessible from the HashiCorp Vault machine.
Ensure that SSL is configured. Refer to Setting up SSL for details.