IBM Guardium® Cryptography Manager allows integration with the Hashicorp Vault Public Key Infrastructure (PKI) engine for certificate discovery and PKI operations.
About this task
The integration with Hashicorp Vault allows certificate discovery and PKI
operations.
Procedure
- From the main menu, click .
- Choose the Hashicorp Vault card.
- After reading the About information, click Next.
- Update the following configuration fields.
Table 1. Hashicorp Vault configuration parameters

| Fields | Description |
|---|---|
| Name | Enter a unique name for the integration. |
| Hashicorp Vault account | URL: Enter the URL of the Hashicorp Vault instance. Public SSL Certificate: Enter the Hashicorp Vault server certificate details. |
| Authentication | Type: Select 'Basic' as app role. Role ID: Enter the role ID. Secret ID: Enter the secret ID. Namespaces: Enter the namespaces. PKI engines: Enter the PKI engines. |

Note: As a best practice, use a role ID with read-only access, and do not connect to the primary node of the Vault PKI cluster.
- Click Test connection to help ensure that Guardium Cryptography Manager can connect to the Hashicorp
Vault instance.
- After testing the connection, click Finish to save the Hashicorp
Vault configuration and create the integration.
Results
After the integration is created, it is enabled by default. If you want to disable or delete the
Hashicorp Vault integration, from the main menu, click
and
use the options icon in the card to disable or delete.
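
The note in the procedure recommends a role ID with read-only access. The following Python check is an added example, not part of the IBM documentation or of either product: it audits a Vault policy written in Vault's JSON policy syntax and reports every path that grants more than read or list, or that lies outside the mounts entered under PKI engines. The sample policy, the mount names `pki`, `pki_int` and `secret`, and the function name `audit_policy` are assumptions made for the example.

```python
import json

# Capabilities that cannot change anything in Vault.
READ_ONLY = {"read", "list", "deny"}

# Constructed sample policy in Vault's JSON policy syntax. The mount names
# (pki, pki_int, secret) are assumptions made for this example.
SAMPLE_POLICY = """
{
  "path": {
    "pki/certs":       {"capabilities": ["list"]},
    "pki/cert/*":      {"capabilities": ["read"]},
    "pki_int/issue/*": {"capabilities": ["create", "update"]},
    "secret/data/*":   {"capabilities": ["read"]}
  }
}
"""


def audit_policy(policy_json, pki_mounts):
    """Return (path, reason) findings for a policy bound to the AppRole.

    pki_mounts holds the mounts entered in the 'PKI engines' field.
    """
    prefixes = tuple(m.strip("/") + "/" for m in pki_mounts)
    findings = []
    for path, rule in json.loads(policy_json).get("path", {}).items():
        caps = set(rule.get("capabilities", []))
        if "policy" in rule:          # deprecated keyword: read/write/sudo/deny
            caps.add(rule["policy"])
        if "deny" in caps:            # deny overrides everything else on a path
            continue
        extra = sorted(caps - READ_ONLY)
        if extra:
            findings.append((path, "grants " + ", ".join(extra)))
        if not path.startswith(prefixes):
            findings.append((path, "outside the configured PKI engines"))
    return findings


if __name__ == "__main__":
    for path, reason in audit_policy(SAMPLE_POLICY, ["pki", "pki_int"]):
        print(f"{path}: {reason}")
```

An empty result means that every rule in the policy is limited to read, list or deny on the listed PKI mounts.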