Configuring HashiCorp on your Guardium system

Configure your Guardium® system to access the HashiCorp vault and retrieve datasource credentials.

Before you begin

If you are using client-side authentication with TLS, create and import a client certificate on all your systems, including the central manager and managed units. For more information, see Creating and importing a client certificate.

About this task

Use the following procedure to configure your Guardium system to access the HashiCorp vault by using the Guardium UI.
Note: Create this configuration only on your central manager or stand-alone system.

Procedure

  1. Access Setup > Tools and Views > HashiCorp Configurations.
  2. Click New to open the Create New HashiCorp Vault Access Configuration dialog.
  3. In the Name field, enter a name for the HashiCorp configuration.
  4. Select the Authentication type for the configuration. You can authenticate to the HashiCorp vault by using a username and password with no TLS, server-side authentication with TLS, or client-side authentication with TLS.
  5. Enter the HashiCorp vault hostname.
  6. Enter the HashiCorp vault port number.
  7. Depending on the type of authentication, enter the username and password and select the Use TLS option, if applicable:
    • If the authentication type is Username & Password without TLS, enter the username and password. Do not check Use TLS.
    • If the authentication type is Username & Password with server-side authentication, enter the username and password. Then, check Use TLS.
    • If the authentication type is TLS Certificates with client-side authentication, check Use TLS and import the client signed certificate if you haven't already.
  8. Save and Test connection.

What to do next

Note the name of your configuration. This information is used when you define your datasources to retrieve credentials from the HashiCorp vault.
Important: If you rebuild your Guardium system, you must delete any related TLS certificates from the HashiCorp vault. Then, create and import the client certificates again.