
To fetch the credentials associated with an activity from HashiCorp Vault at runtime, set the HashiCorp Vault-related parameters in the global values.yaml file before you deploy the application.

The following table lists the parameters and their descriptions.

Parameter

Description

configManagement:

CONFIG_MANAGEMENT_ENABLED:

Variable to enable or disable the Config Management feature. The possible values are true and false.

  • true – enables the Config Management feature

  • false – disables the Config Management feature

PROFILE:

The Profile in HashiCorp Vault that you want to use for fetching the secrets.
A Profile in Vault is used for grouping the secrets based on the type of environment, for example Dev, QA, or Prod.
This ensures that the secrets associated with the specified Profile, and thus with the specific environment, are fetched.

CONFIG_MANAGEMENT_SEGREGATION_CRITERIA:

The variable to define the basis for the segregation of your secrets.

Set this variable to project for project-based segregation, or leave it blank.

backend:

hashicorp:

HASHICORP_VAULT_ENABLED:

Set this variable to true to fetch the secrets from HashiCorp Vault.

HASHICORP_VAULT_KV_VERSION:

The variable to define the version of the kv secret engine. The possible values are v1 and v2.

HASHICORP_VAULT_SECRET_PATH_PATTERN:

Pattern of the path for the secrets stored in the Vault.

The default value for this variable is:

$PROJECT_VAULT_MAPPING$/$PROFILE$/$PROJECT_NAME$

Use the default value as is unless you have segregated the secrets in the folder structure as shown in the example below.

<Base path>/ProjectA/Dev/secret1

Where,

  • ProjectA is a project’s folder

  • Dev is a profile

  • secret1 is the credential for an activity, such as an FTP source, belonging to ProjectA in the Dev environment.

In this case, enter the value for this variable as:

$PROJECT_VAULT_MAPPING$/$PROJECT_NAME$/$PROFILE$

HASHICORP_VAULT_URL:

Access URL (endpoint) of the HashiCorp Vault.

HASHICORP_VAULT_SECRET_BASE_PATH:

Enter the complete path to the base folder that contains secrets.

Important

If you are using kv secret engine version v2, add the keyword 'data' after the root secret folder. For example, if the secrets are stored at the path secret/AC_001/adeptia, enter secret/data/AC_001/adeptia as the value for this variable. If you are using v1, enter secret/AC_001/adeptia as the value for this variable.

HASHICORP_VAULT_AUTHENTICATION:

Enter the type of authentication that the AC application uses to authenticate to the Vault.

The possible values are KUBERNETES and TOKEN.

HASHICORP_VAULT_TOKEN:

Enter the Vault token.

This is applicable only when you use token-based authentication to authenticate to the Vault.

HASHICORP_VAULT_KUBERNETES_ROLE:

Enter the name of the role associated with the Kubernetes authentication method you have defined in the Vault.

This is applicable only when you use Kubernetes authentication to authenticate to the Vault.

HASHICORP_VAULT_KUBERNETES_SERVICE_ACC_TOKEN_PATH:

Enter the path where the Service Account token is stored within the pod.

The default value for this variable is /var/run/secrets/kubernetes.io/serviceaccount/token.

This is applicable only when you use Kubernetes authentication to authenticate to the Vault.

HASHICORP_VAULT_KUBERNETES_PATH:

Enter the name of the Kubernetes authentication method defined in the Vault.

This is applicable only when you use Kubernetes authentication to authenticate to the Vault.
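
The consistency rules in the table (the 'data' keyword for kv v2, and which parameters apply to TOKEN versus KUBERNETES authentication) can be checked before deployment. The following is an added example, not part of the product or the original page; the flat dictionary layout, the function names, and the sample values are assumptions.

```python
# Added example: lint for the Vault parameters described above.
# The flat dict layout and the function names are assumptions for illustration.

def base_path_for(secret_folder, kv_version):
    """Value for HASHICORP_VAULT_SECRET_BASE_PATH given where the secrets are stored."""
    root, _, rest = secret_folder.strip("/").partition("/")
    parts = [root, "data", rest] if kv_version == "v2" else [root, rest]
    return "/".join(p for p in parts if p)

def lint(cfg):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    version = cfg.get("HASHICORP_VAULT_KV_VERSION", "")
    segments = [s for s in cfg.get("HASHICORP_VAULT_SECRET_BASE_PATH", "").split("/") if s]
    has_data = len(segments) > 1 and segments[1] == "data"
    if version not in ("v1", "v2"):
        problems.append("HASHICORP_VAULT_KV_VERSION must be v1 or v2")
    if not segments:
        problems.append("HASHICORP_VAULT_SECRET_BASE_PATH is empty")
    elif version == "v2" and not has_data:
        problems.append("kv v2 needs 'data' after the root secret folder")
    elif version == "v1" and has_data:
        # Heuristic: a v1 folder may legitimately be called "data".
        problems.append("base path contains 'data' but kv version is v1")
    auth = cfg.get("HASHICORP_VAULT_AUTHENTICATION", "")
    if auth == "TOKEN":
        if not cfg.get("HASHICORP_VAULT_TOKEN"):
            problems.append("TOKEN authentication needs HASHICORP_VAULT_TOKEN")
    elif auth == "KUBERNETES":
        for key in ("HASHICORP_VAULT_KUBERNETES_ROLE", "HASHICORP_VAULT_KUBERNETES_PATH"):
            if not cfg.get(key):
                problems.append(f"KUBERNETES authentication needs {key}")
        if cfg.get("HASHICORP_VAULT_TOKEN"):
            problems.append("HASHICORP_VAULT_TOKEN is set but unused with KUBERNETES")
    else:
        problems.append("HASHICORP_VAULT_AUTHENTICATION must be KUBERNETES or TOKEN")
    return problems

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "HASHICORP_VAULT_KV_VERSION": "v2",
    "HASHICORP_VAULT_SECRET_BASE_PATH": "secret/AC_001/adeptia",
    "HASHICORP_VAULT_AUTHENTICATION": "KUBERNETES",
    "HASHICORP_VAULT_KUBERNETES_ROLE": "example-role",
    "HASHICORP_VAULT_KUBERNETES_PATH": "",
    "HASHICORP_VAULT_TOKEN": "placeholder-token",
}

if __name__ == "__main__":
    for problem in lint(SAMPLE):
        print("-", problem)
```

The constructed sample trips three checks: the v2 base path lacks 'data', the Kubernetes authentication method name is empty, and a token is left in the configuration although Kubernetes authentication is selected.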

