HashiCorp: Configure Groundplex Nodes
Overview
The node configuration file (secrets-config.json) contains the information that the Snaplex needs to access the appropriate secrets. In the node configuration file, you will enter the information you collected when setting up the Vault.
Steps
1. In a Snaplex node host, create or edit the secrets-config.json file in the /etc/snaplogic directory.
2. Copy and paste the JSON structure and fill in the required values. For every Vault, you need a Vault configuration object inside the HCP array with the appropriate values.

{
  "HCP" : [
    {
      "alias": "config-name",
      "namespace": "vault-namespace",
      "location": "cluster-url",
      "project_space" : "/snaplogic/shared",
      "role_id": "roleid",
      "secret_id": "secretid",
      "auth_path": "auth-name"
    },
    ...
  ]
}

3. Save the file and copy it to the /etc/snaplogic directory of the other nodes in the Groundplex.
4. Restart the JCC service on the node hosts. On Linux:

sh /opt/snaplogic/bin/jcc.sh restart
Example
This secrets-config.json file sets up connections to a variety of Vaults:
{
  "HCP" : [
    {
      "alias": "marketing",
      "namespace": "admin/marketing",
      "location": "https://snaplogic-dev-cluster.vault.f754c6a8-491e-4269-b7fa-bb6b15b2b8e2.aws.hashicorp.cloud:8200",
      "role_id": "6b406315-b89c-b7bb-f721-8b038055e507",
      "secret_id": "0d65a416-98b8-c526-a273-ac856dcc29fd"
    },
    {
      "alias": "developers",
      "namespace": "admin/developers",
      "location": "https://snaplogic-dev-cluster.vault.f734b6a8-491e-4269-b7ga-bb6b16b2b8e2.aws.hashicorp.cloud:8200/",
      "role_id": "e7cce3cb-9c03-3ed0-134d-c7f00dgf073b",
      "secret_id": "1763c7c6-d8be-2c8c-f8be-55f2b9925639"
    },
    {
      "alias": "defaultRole",
      "namespace": "admin/developers",
      "location": "http://172.27.184.47:8200/",
      "role_id": "86887eb7-5f7a-7476-be0b-dec5d4584c9a",
      "secret_id": "e784cd95-2605-dde8-c247-448942416a0a"
    }
  ]
}
Restrict secret usage to a project space
To restrict the use of secrets to a single project space:

1. Add a project_space property in your secrets-config.json configuration file.
2. Provide the path to the project space that contains the secrets.

For example, "project_space" : "/snaplogic/shared" constrains users to secrets stored in accounts in the snaplogic project space shared folder.
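
An added example, not part of the SnapLogic documentation: a Python check to run over secrets-config.json before copying it to the other nodes. It assumes that the keys present in every entry of the example above are required and that the file should not be accessible to users outside its owner and group; the function names and sample values are constructed for illustration.

```python
import json
import os
import stat
from urllib.parse import urlparse

# Assumption: keys that appear in every entry of the page's example are required.
REQUIRED = ("alias", "namespace", "location", "role_id", "secret_id")


def audit_entries(config):
    """Return (alias, finding) pairs for the Vault objects in the HCP array."""
    findings = []
    for i, entry in enumerate(config.get("HCP", [])):
        alias = entry.get("alias") or f"<entry {i}>"
        missing = [k for k in REQUIRED if not entry.get(k)]
        if missing:
            findings.append((alias, "missing " + ", ".join(missing)))
        location = entry.get("location")
        if location and urlparse(location).scheme != "https":
            findings.append((alias, "location is not https"))
        if not entry.get("project_space"):
            findings.append((alias, "no project_space restriction"))
    return findings


def audit_file_mode(path):
    """Assumption: the file, which holds role_id and secret_id, must not be
    accessible to users outside its owner and group."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [(path, f"mode {mode:o} is open to other users")] if mode & 0o007 else []


# Constructed sample input: placeholder credentials, documentation addresses.
SAMPLE = json.loads("""
{ "HCP": [
  { "alias": "marketing", "namespace": "admin/marketing",
    "location": "https://vault.example.internal:8200",
    "project_space": "/snaplogic/shared",
    "role_id": "ROLE-ID-PLACEHOLDER", "secret_id": "SECRET-ID-PLACEHOLDER" },
  { "alias": "defaultRole", "namespace": "admin/developers",
    "location": "http://192.0.2.10:8200/",
    "role_id": "ROLE-ID-PLACEHOLDER", "secret_id": "SECRET-ID-PLACEHOLDER" }
] }
""")

if __name__ == "__main__":
    for subject, finding in audit_entries(SAMPLE):
        print(f"{subject}: {finding}")
```

On a node, load /etc/snaplogic/secrets-config.json with json.load and pass the result to audit_entries, then pass the file path to audit_file_mode.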
© 2017-2024 SnapLogic, Inc.