Integrate FTM with HashiCorp Vault
After you deploy HashiCorp Vault, you can enable the FTM secure vault reference implementation in your FTM custom resource.
The following sample in the FTM custom resource shows how to enable the secure vault reference implementation.

config:
  instance:
    referenceImplementation:
      vault:
        enabled: true
        namespace: vault
        url: 'https://vault.vault.svc.cluster.local:8200'
        dataPath: /v1/ftm/data/ftm
        role: ftm
        certificate:
          valueFrom:
            secretKeyRef:
              name: vault-ssl-certificate
              key: tls.crt
security:
  certificate:
    ca:
      valueFrom:
        secretKeyRef:
          key: ca.crt
          name: ftm-ssl-cert-secret

In this example,
- Secure vault reference implementation is enabled.
- HashiCorp Vault is deployed to the vault namespace.
- FTM secrets are stored at the /v1/ftm/data/ftm path in the vault.
- FTM uses the FTM role created in the vault to access the secrets.
- FTM accesses the secrets using the URL https://vault.vault:8200.
- The ca.crt is created and added to the secret ftm-ssl-cert-secret. For more information, see Create certificates.
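TLS hostname verification succeeds only when the Vault certificate lists the host name that appears in url, so it is worth checking the certificate against both the fully qualified name in the sample and the short name in the list above. The following is an added example, not part of the FTM documentation; the function names are hypothetical and the certificate is a constructed throwaway generated with openssl.

```shell
#!/bin/sh
# Added example: check that a PEM certificate covers the host in the Vault url.
# On a cluster, the certificate would first be exported from the secret, e.g.
#   kubectl get secret vault-ssl-certificate -n <namespace> \
#     -o jsonpath='{.data.tls\.crt}' | base64 -d > tls.crt
# (<namespace> is a placeholder; the page does not say where the secret lives.)

# Print the host part of an https:// URL (scheme, port and path stripped).
url_host() {
  rest="${1#https://}"
  rest="${rest%%/*}"
  printf '%s\n' "${rest%%:*}"
}

# Return 0 when the certificate in file $1 is valid for the host in URL $2,
# 1 when the name is not covered, 2 when the URL is not https.
cert_covers_url() {
  case "$2" in https://*) ;; *) return 2 ;; esac
  host="$(url_host "$2")"
  # openssl prints "does match" or "does NOT match"; its exit code is 0 either way.
  openssl x509 -in "$1" -noout -checkhost "$host" 2>/dev/null \
    | grep -q "does match certificate"
}

# Constructed sample: a self-signed certificate whose only SAN is the
# fully qualified service name used in the custom resource.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=vault" \
    -addext "subjectAltName=DNS:vault.vault.svc.cluster.local" \
    -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null
}

# Demo: the same certificate checked against both URL forms from the page.
demo_dir="$(mktemp -d)"
make_sample_cert "$demo_dir"
for u in 'https://vault.vault.svc.cluster.local:8200' 'https://vault.vault:8200'; do
  if cert_covers_url "$demo_dir/tls.crt" "$u"; then
    echo "OK       $u"
  else
    echo "MISMATCH $u"
  fi
done
rm -rf "$demo_dir"
```

A MISMATCH line means the certificate needs that name added as a subject alternative name, or url must use a name the certificate already lists.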