HashiCorp Vault enables you to securely store and tightly control access to tokens, passwords, certificates, and encryption keys to protect secrets and other sensitive data. This integration uses the approle authentication method, which allows machines or apps to authenticate with Vault-defined roles.
Use this integration for external secret management. To authenticate workflow steps, use the HashiCorp Vault integration. Contact your support representative if you require HashiCorp Vault steps based on AppRole authentication.
Get your HashiCorp Vault AppRole credentials
Get the credentials from your HashiCorp Vault account. These instructions assume you have an active vault and cluster.
Vault URL
Log into your HashiCorp account and select Vault.
Select a cluster.
In the Cluster URLs section, copy the public URL.
Role ID and Secret ID
For the complete instructions and list of options available for each command, refer to the HashiCorp documentation.
These instructions assume that the AppRole authentication method is enabled and a role was created.
Get the role ID:
vault read auth/approle/role/<role_name>/role-id
Generate a secret ID for the role:
vault write -force auth/approle/role/<role_name>/secret-id secret_id_num_uses=0 secret_id_ttl=0
Ensure the secret ID you create for the role is long-lasting by setting the secret_id_num_uses and secret_id_ttl parameters to 0. If the secret ID expires, you'll have to create a new integration.
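To confirm that the Vault URL, role ID, secret ID and namespace work together before entering them in Torq, you can run the AppRole login exchange yourself. The following is an added example, not part of the original instructions or of Torq's code; it assumes the auth method is mounted at the default approle path, and the function names, policy name and sample response are constructed for illustration.

```python
import json
import urllib.request

def build_login_request(vault_url, role_id, secret_id, namespace=None):
    """Build (but do not send) the POST to Vault's AppRole login endpoint."""
    # Choice made in this example: refuse to send the secret ID over plain HTTP.
    if not vault_url.lower().startswith("https://"):
        raise ValueError("Vault URL must start with https://")
    req = urllib.request.Request(
        vault_url.rstrip("/") + "/v1/auth/approle/login",  # default mount path assumed
        data=json.dumps({"role_id": role_id, "secret_id": secret_id}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    if namespace:  # namespaces are selected with this request header
        req.add_header("X-Vault-Namespace", namespace)
    return req

def summarize_login(response_text):
    """Describe the issued token without returning or printing the token itself."""
    auth = json.loads(response_text).get("auth") or {}
    if not auth.get("client_token"):
        raise ValueError("login failed: response has no auth.client_token")
    policies = sorted(auth.get("policies") or [])
    return {
        "policies": policies,
        "token_ttl_seconds": auth.get("lease_duration"),
        "renewable": auth.get("renewable"),
        "has_root_policy": "root" in policies,  # broader than a secret reader needs
    }

def check_credentials(vault_url, role_id, secret_id, namespace=None, timeout=10):
    """Send the login request to a live Vault and summarize the result."""
    req = build_login_request(vault_url, role_id, secret_id, namespace)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return summarize_login(resp.read().decode())

# Constructed sample of a successful login response (all values are placeholders).
SAMPLE_RESPONSE = json.dumps({"auth": {
    "client_token": "hvs.EXAMPLE-PLACEHOLDER", "accessor": "EXAMPLE",
    "policies": ["default", "torq-secrets-read"], "lease_duration": 3600,
    "renewable": True}})

if __name__ == "__main__":
    print(summarize_login(SAMPLE_RESPONSE))
```

Call check_credentials with your own values to test against a live cluster; a rejected role ID or secret ID surfaces as an urllib.error.HTTPError rather than a summary.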
Create a HashiCorp Vault AppRole integration in Torq
Go to the Integrations page.
Select Secret Management > HashiCorp Vault AppRole. Click Add.
Enter a meaningful name for the integration and the HashiCorp credentials you copied in the previous steps. Provide the namespace you use to retrieve secrets in the Namespace field (get this information from your HashiCorp account admin).
Select the Use this integration as a secret store for my account checkbox if you wish to use the integration for external secret management.