HashiCorp Vault Integration Guide

Describes how to integrate the data-fabric platform with HashiCorp Vault.

This chapter discusses how to set up HashiCorp Vault and prepare it for integration with the data-fabric KMIP client.

Data Fabric integration works with HashiCorp Vault release versions from 1.5.0+ent onwards, although this integration guide is based on the Vault 1.5.3+ent release. Changes in the Vault user interface and functionality between Vault releases may affect the steps outlined in this guide. The HashiCorp Vault documentation is the authoritative guide for the Vault appliance; refer to it for more information.

This chapter assumes that the HashiCorp Vault Local CA is used to sign the client certificate. This may not always be the case in production deployments, since trusted CAs may be imported. Refer to the HashiCorp Vault documentation for details on how to configure and/or import CAs and client certificates. Steps 2-4 are outlined in HashiCorp’s Guide for deploying Vault’s KMIP secrets engine.

The steps for integration are as follows:

  1. Install and set up Vault
  2. Enable and Configure the KMIP secrets engine
  3. Create Scopes and Rules
  4. Generate the CA and Client certificate
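
Steps 2-4 with the Vault CLI, as an added example (not taken from this guide or from HashiCorp's guide). It assumes a Vault Enterprise server and an already authenticated CLI session; the scope name, role name, listener address, output directory and operation list are assumed values.

```shell
#!/bin/sh
# Added example for steps 2-4. SCOPE, ROLE, LISTEN, OUT and the operation
# list are assumed values, not taken from the guide.
set -e

SCOPE="${SCOPE:-datafabric}"      # hypothetical scope name
ROLE="${ROLE:-kmip-client}"       # hypothetical role name
LISTEN="${LISTEN:-0.0.0.0:5696}"  # narrow to the interface clients reach
OUT="${OUT:-./kmip-creds}"        # directory for ca.pem and the credential

# Step 2: enable the engine and configure its listener.
kmip_enable() {
  vault secrets enable kmip
  vault write kmip/config listen_addrs="$LISTEN"
}

# Step 3: create the scope, then a role limited to the operations passed as
# arguments (operation_<name>=true). operation_all is refused on purpose.
kmip_scope_role() {
  [ "$#" -gt 0 ] || { echo "list at least one operation" >&2; return 1; }
  for op in "$@"; do
    case "$op" in
      operation_all=*) echo "refusing $op: list operations" >&2; return 1 ;;
      operation_*=true) ;;
      *) echo "unexpected role parameter: $op" >&2; return 1 ;;
    esac
  done
  vault write -f "kmip/scope/$SCOPE"
  vault write "kmip/scope/$SCOPE/role/$ROLE" "$@"
}

# Step 4: fetch the CA certificate and issue a client credential. The JSON
# response contains the private key, so everything is created owner-only.
# .data.certificate and .data.private_key hold the client certificate and key.
kmip_issue_credential() {
  ( umask 077
    mkdir -p "$OUT"
    vault read -field=ca_pem kmip/ca > "$OUT/ca.pem"
    vault write -format=json \
      "kmip/scope/$SCOPE/role/$ROLE/credential/generate" format=pem \
      > "$OUT/credential.json" )
}

# Touch a real Vault only when explicitly asked to.
if [ "${1:-}" = "apply" ]; then
  kmip_enable
  kmip_scope_role operation_create=true operation_get=true \
    operation_activate=true operation_locate=true
  kmip_issue_credential
fi
```

Passing `apply` as the first argument runs all three steps against the Vault named by `VAULT_ADDR`; the operation list shown is a placeholder to replace with the operations the KMIP client actually uses.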