Configure your Guardium® system to access the HashiCorp vault and retrieve datasource credentials.
Before you begin
If you are using client-side authentication with TLS, create and import a client certificate on all your systems, including the central manager and managed units. For more information, see Creating and importing a client certificate.
About this task
Use the following procedure to configure your Guardium system to access the HashiCorp vault by using the Guardium UI.
Note: Create this configuration only on your central manager or stand-alone system.
Procedure
- Access .
- Click to open the Create New HashiCorp Vault Access Configuration dialog.
- In the Name field, enter a name for the HashiCorp configuration.
- Select the Authentication type for the configuration. You can authenticate to the HashiCorp vault by using a username and password with no TLS, server-side authentication with TLS, or client-side authentication with TLS.
- Enter the HashiCorp vault hostname.
- Enter the HashiCorp vault port number.
- Depending on the type of authentication, enter the username and password, and select the Use TLS option, if applicable:
  - If the authentication type is Username & Password without TLS, enter the username and password. Do not check Use TLS.
  - If the authentication type is Username & Password with server-side authentication, enter the username and password. Then, check Use TLS.
  - If the authentication type is TLS Certificates with client-side authentication, check Use TLS and import the client signed certificate if you haven't already.
- Save and Test connection.
What to do next
Note the name of your configuration. This information is used when you define your datasources to retrieve credentials from the HashiCorp vault.
Important: If you rebuild your Guardium system, you must delete any related TLS certificates from the HashiCorp vault. Then, create and import the client certificates again.