Integrate FTM with HashiCorp Vault

After you deploy HashiCorp Vault, you can enable the FTM secure vault reference implementation in your FTM custom resource.

The following sample in the FTM custom resource shows how to enable the secure vault reference implementation.
config:
  instance:
    referenceImplementation:
      vault:
        enabled: true
        namespace: vault
        url: 'https://vault.vault.svc.cluster.local:8200'
        dataPath: /v1/ftm/data/ftm
        role: ftm
        certificate:
          valueFrom:
            secretKeyRef:
              name: vault-ssl-certificate
              key: tls.crt
security:
  certificate:
    ca:
      valueFrom:
        secretKeyRef:
          key: ca.crt
          name: ftm-ssl-cert-secret

In this example,
  • The secure vault reference implementation is enabled.
  • HashiCorp Vault is deployed to the vault namespace.
  • FTM secrets are stored at the /v1/ftm/data/ftm path in the vault.
  • FTM uses the ftm role created in the vault to access the secrets.
  • FTM accesses the secrets using the URL https://vault.vault:8200.
  • FTM verifies the Vault server's TLS certificate using the tls.crt key of the vault-ssl-certificate secret.
  • The ca.crt is created and added to the secret ftm-ssl-cert-secret. For more information, see Create certificates.
After you enable the secure vault reference implementation, FTM uses init containers to retrieve secrets from HashiCorp Vault instead of pulling them from Red Hat® OpenShift® secret resources. If you deploy IBM® App Connect Enterprise runtimes, they also retrieve their required secrets from the same secure vault.
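The page does not show what the init containers do with the url, role and dataPath values, so the following added example (not FTM's own code) sketches the Vault API calls such a retrieval involves: log in with the ftm role, then read the KV secret at dataPath with the resulting client token. It assumes the Kubernetes auth method, which the page does not state, and the sample response body is constructed.

```python
import json
import ssl
import urllib.request

# Values taken from the FTM custom resource sample on this page.
VAULT_URL = "https://vault.vault.svc.cluster.local:8200"
DATA_PATH = "/v1/ftm/data/ftm"
ROLE = "ftm"

# Constructed sample of a KV version 2 read response; KV v2 nests the
# key/value pairs under data.data and the version under data.metadata.
SAMPLE_KV2_RESPONSE = json.dumps({
    "data": {"data": {"db.password": "placeholder"}, "metadata": {"version": 3}}
})


def split_kv2_path(data_path):
    """Return (mount, secret_path) for a KV v2 API path such as /v1/ftm/data/ftm.

    A KV v2 engine serves secrets at /v1/<mount>/data/<path>; anything else
    (for example a KV v1 path without the /data/ segment) is rejected.
    """
    parts = data_path.strip("/").split("/")
    if len(parts) < 4 or parts[0] != "v1" or parts[2] != "data":
        raise ValueError(f"not a KV v2 data path: {data_path}")
    return parts[1], "/".join(parts[3:])


def login_request(vault_url, role, jwt):
    """Kubernetes auth login (assumed auth method): POST the role and pod JWT."""
    body = json.dumps({"role": role, "jwt": jwt}).encode()
    return urllib.request.Request(vault_url + "/v1/auth/kubernetes/login", data=body,
                                  method="POST", headers={"Content-Type": "application/json"})


def read_request(vault_url, data_path, client_token):
    """Read the secret; Vault expects the token in the X-Vault-Token header."""
    return urllib.request.Request(vault_url + data_path, headers={"X-Vault-Token": client_token})


def extract_kv2_secret(response_body):
    doc = json.loads(response_body)
    return doc["data"]["data"], doc["data"]["metadata"]["version"]


def fetch_ftm_secrets(jwt, ca_file, opener=urllib.request.urlopen):
    """Full exchange; ca_file is the CA that signed the Vault server certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with opener(login_request(VAULT_URL, ROLE, jwt), context=ctx) as resp:
        token = json.load(resp)["auth"]["client_token"]
    with opener(read_request(VAULT_URL, DATA_PATH, token), context=ctx) as resp:
        return extract_kv2_secret(resp.read())
```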