Info |
---|
This page is no longer maintained. For the most current information, go to https://docs.snaplogic.com/cicd/secrets-mgmt/secrets-mgmt-hashicorp-config-groundplex.html. |
Overview
The node configuration file (`secrets-config.json`) contains the information that the Snaplex needs to access the appropriate secrets.
In the node configuration file, you will enter the information you collected when setting up the Vault.
Steps
1. In a Snaplex node host, create or edit the `secrets-config.json` in the `/etc/snaplogic` directory.
2. Copy and paste the JSON structure and fill in the required values. For every Vault, you need a Vault configuration object inside the `HCP` array with the appropriate values.

   ```json
   {
     "HCP" : [
       {
         "alias": "config-name",
         "namespace": "vault-namespace",
         "location": "cluster-url",
         "project_space" : "/snaplogic/shared",
         "role_id": "roleid",
         "secret_id": "secretid",
         "auth_path": "auth-name"
       },
       ...
     ]
   }
   ```

3. Save the file and copy it to the `/etc/snaplogic` directory of the other nodes in the Groundplex.
4. Restart the JCC service on the node hosts. On Linux:

   ```
   sh /opt/snaplogic/bin/jcc.sh restart
   ```
Example
This `secrets-config.json` file sets up connections to a variety of Vaults:

```json
{
  "HCP" : [
    {
      "alias": "marketing",
      "namespace": "admin/marketing",
      "location": "https://snaplogic-dev-cluster.vault.f754c6a8-491e-4269-b7fa-bb6b15b2b8e2.aws.hashicorp.cloud:8200",
      "role_id": "6b406315-b89c-b7bb-f721-8b038055e507",
      "secret_id": "0d65a416-98b8-c526-a273-ac856dcc29fd"
    },
    {
      "alias": "developers",
      "namespace": "admin/developers",
      "location": "https://snaplogic-dev-cluster.vault.f734b6a8-491e-4269-b7ga-bb6b16b2b8e2.aws.hashicorp.cloud:8200/",
      "role_id": "e7cce3cb-9c03-3ed0-134d-c7f00dgf073b",
      "secret_id": "1763c7c6-d8be-2c8c-f8be-55f2b9925639"
    },
    {
      "alias": "defaultRole",
      "namespace": "admin/developers",
      "location": "http://172.27.184.47:8200/",
      "role_id": "86887eb7-5f7a-7476-be0b-dec5d4584c9a",
      "secret_id": "e784cd95-2605-dde8-c247-448942416a0a"
    }
  ]
}
```
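A check to run on each node before restarting the JCC service, as an added example that is not SnapLogic's own tooling: it flags entries missing the keys used in the example above, duplicate aliases, `location` values that are not HTTPS (such as the `http://` entry in the example), and a file mode that lets every local user read the credentials. The expected-key list, the permission check and the sample values are assumptions made for this example.

```python
import json
import os
import stat
from urllib.parse import urlparse

# Assumption: keys that appear in every entry of the page's example are expected.
EXPECTED_KEYS = ("alias", "namespace", "location", "role_id", "secret_id")

def lint_config(config):
    """Return findings for a parsed secrets-config.json document."""
    entries = config.get("HCP") if isinstance(config, dict) else None
    if not isinstance(entries, list) or not entries:
        return ["top-level 'HCP' must be a non-empty array"]
    findings, seen = [], set()
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            findings.append(f"entry {i}: not a JSON object")
            continue
        label = entry.get("alias") or f"entry {i}"
        findings += [f"{label}: missing or empty '{k}'" for k in EXPECTED_KEYS if not entry.get(k)]
        if label in seen:
            findings.append(f"{label}: duplicate alias")
        seen.add(label)
        location = entry.get("location")
        if location and urlparse(location).scheme != "https":
            findings.append(f"{label}: location is not https, role_id/secret_id sent in cleartext")
    return findings

def lint_file(path):
    """Check the file mode, then parse and lint the file contents."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:  # any permission bit set for 'other'
        findings.append(f"{path}: mode {mode:o} exposes secrets to all local users")
    try:
        with open(path, encoding="utf-8") as fh:
            config = json.load(fh)
    except json.JSONDecodeError as exc:
        return findings + [f"{path}: invalid JSON ({exc})"]
    return findings + lint_config(config)

# Constructed sample with placeholder values (not real Vault credentials).
SAMPLE = {"HCP": [
    {"alias": "marketing", "namespace": "admin/marketing",
     "location": "https://vault.example.internal:8200",
     "role_id": "ROLE-ID-PLACEHOLDER", "secret_id": "SECRET-ID-PLACEHOLDER"},
    {"alias": "defaultRole", "namespace": "admin/developers",
     "location": "http://192.0.2.10:8200/",
     "role_id": "ROLE-ID-PLACEHOLDER", "secret_id": ""},
]}
```

Calling `lint_file("/etc/snaplogic/secrets-config.json")` returns a list of findings; an empty list means none of these checks fired.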
Restrict secret usage to a project space
To restrict the use of secrets to a single project space:

1. Add a `project_space` property in your `secrets-config.json` configuration file.
2. Provide the path to the project space that contains the secrets.

For example, `"project_space" : "/snaplogic/shared"` constrains users to secrets stored in accounts in the `snaplogic` project space shared folder.