You can integrate HashiCorp Vault with Commvault to securely retrieve and manage credentials stored in your Vault environment.
Before You Begin
- Create a dedicated HashiCorp Vault cluster and namespace, if one does not already exist. You may also use the default namespace if appropriate for your environment.
- Create an Access Control List (ACL) policy for the required Vault path with the following capabilities:
  - read
  - list

  This policy must allow Commvault to retrieve secret data from the specified path.
- Follow the HashiCorp Vault authentication documentation. Complete the following steps:
  - Enable the AppRole authentication method.
  - Associate the created ACL policy with the AppRole.
  - Generate the RoleId and SecretId for the AppRole.
  - Securely store the RoleId and SecretId. These values are required when configuring the vault in the Commvault software.
- Record the secret path where the credential data (key-value pairs) is stored in Vault. When creating a new credential in the Command Center using this vault, Commvault retrieves the keys from the specified secret path.
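
The Vault-side prerequisites above, sketched with the `vault` CLI as an added example (not Commvault's or HashiCorp's own script). It assumes a KV version 2 secrets engine mounted at `secret`, a secret path `commvault`, a policy named `commvault-read` and an AppRole named `commvault`; none of these names come from this page.

```shell
#!/bin/sh
# Added example. Assumed names, not from the page: KV v2 mount "secret",
# secret path "commvault", policy "commvault-read", AppRole "commvault".
# Expects VAULT_ADDR and an admin VAULT_TOKEN (plus VAULT_NAMESPACE when a
# non-default namespace is used) in the environment.
MOUNT="secret"
SECRET_PATH="commvault"
POLICY="commvault-read"
ROLE="commvault"

# Print an ACL policy granting only read and list on the secret path.
# KV v2 serves values under <mount>/data/ and key listings under
# <mount>/metadata/, so both prefixes are covered; no write capabilities.
render_policy() {  # args: mount path
  for prefix in data metadata; do
    for suffix in "" "/*"; do
      printf 'path "%s/%s/%s%s" {\n' "$1" "$prefix" "$2" "$suffix"
      printf '  capabilities = ["read", "list"]\n}\n'
    done
  done
}

# Create the policy and the AppRole, then print the RoleId and SecretId.
# Capture the output into a secure store, not a terminal scrollback.
setup_approle() {
  render_policy "$MOUNT" "$SECRET_PATH" | vault policy write "$POLICY" - || return 1
  vault auth enable approle || echo "approle may already be enabled" >&2
  vault write "auth/approle/role/$ROLE" token_policies="$POLICY" || return 1
  vault read -field=role_id "auth/approle/role/$ROLE/role-id" || return 1
  echo
  vault write -f -field=secret_id "auth/approle/role/$ROLE/secret-id"
  echo
}

# Log in as the AppRole and print what its token may do on a path, to
# confirm the role carries nothing beyond read and list.
check_capabilities() {  # args: role_id secret_id path
  token=$(vault write -field=token auth/approle/login \
    role_id="$1" secret_id="$2") || return 1
  vault token capabilities "$token" "$3"
}

# Nothing touches Vault unless the script is invoked with "apply".
if [ "${1:-}" = "apply" ]; then
  setup_approle
fi
```

If the secrets engine is KV version 1, the `data/` and `metadata/` prefixes do not apply and the policy path is the mount path itself.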
Procedure
- From the Command Center navigation pane, go to Manage > Security.
  The Security page appears.
- Click the Credential vault tile.
  The Manage credentials page appears.
- Click the Vault configuration tab, and then click Add from the upper-right corner of the page.
  The Add credential vault dialog box appears.
- From the Vendor list, select HashiCorp, and then enter the following information:
  - Vendor: Select HashiCorp.
  - Name: Enter a unique name for the credential vault.
  - Server URL: Enter the HashiCorp Vault server URL.
  - Vault Namespace: Enter the Vault namespace.
  - Vault Name: Enter the name of the vault created in HashiCorp.
  - RoleId: Enter the AppRole RoleId.
  - SecretId: Enter the AppRole SecretId.
  - Description (optional): Enter a short description.
- Click Save.
Result
The HashiCorp Credential Vault is successfully added and is available for use in Commvault for secure credential retrieval.