HashiCorp: Configure Groundplex Nodes

This page is no longer maintained (Apr 12, 2023). For the most current information, go to https://docs.snaplogic.com/cicd/secrets-mgmt/secrets-mgmt-hashicorp-config-groundplex.html.

 

Overview

The node configuration file (secrets-config.json) contains the information that the Snaplex needs to access the appropriate secrets.

In the node configuration file, you will enter the information you collected when setting up the Vault.

Steps

  1. In a Snaplex node host, create or edit the secrets-config.json in the /etc/snaplogic directory.

  2. Copy and paste the JSON structure and fill in the required values. For every Vault, you need a Vault configuration object inside the HCP array with the appropriate values.

    {
      "HCP" : [
        {
          "alias": "config-name",
          "namespace": "vault-namespace",
          "location": "cluster-url",
          "project_space" : "/snaplogic/shared",
          "role_id": "roleid",
          "secret_id": "secretid",
          "auth_path": "auth-name"
        },
        ...
      ]
    }

  3. Save the file and copy it to the /etc/snaplogic directory of the other nodes in the Groundplex.

  4. Restart the JCC service on the node hosts. On Linux:

    sh /opt/snaplogic/bin/jcc.sh restart

Example

This secrets-config.json file sets up connections to a variety of Vaults:

    {
      "HCP" : [
        {
          "alias": "marketing",
          "namespace": "admin/marketing",
          "location": "https://snaplogic-dev-cluster.vault.f754c6a8-491e-4269-b7fa-bb6b15b2b8e2.aws.hashicorp.cloud:8200",
          "role_id": "6b406315-b89c-b7bb-f721-8b038055e507",
          "secret_id": "0d65a416-98b8-c526-a273-ac856dcc29fd"
        },
        {
          "alias": "developers",
          "namespace": "admin/developers",
          "location": "https://snaplogic-dev-cluster.vault.f734b6a8-491e-4269-b7ga-bb6b16b2b8e2.aws.hashicorp.cloud:8200/",
          "role_id": "e7cce3cb-9c03-3ed0-134d-c7f00dgf073b",
          "secret_id": "1763c7c6-d8be-2c8c-f8be-55f2b9925639"
        },
        {
          "alias": "defaultRole",
          "namespace": "admin/developers",
          "location": "http://172.27.184.47:8200/",
          "role_id": "86887eb7-5f7a-7476-be0b-dec5d4584c9a",
          "secret_id": "e784cd95-2605-dde8-c247-448942416a0a"
        }
      ]
    }
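
A pre-deployment check for secrets-config.json, run before the file is copied to the other nodes. This is an added example, not SnapLogic code. It assumes that the keys present in every entry of the example above are required, that each alias should be unique, and that the file should not be accessible to other local users; the function names and the sample input are constructed for illustration.

```python
import json, os, stat
from urllib.parse import urlparse

# Assumption: the keys present in every entry of the page's example are required.
REQUIRED = ("alias", "namespace", "location", "role_id", "secret_id")
# Placeholder strings from the page's template that must not survive into a real file.
TEMPLATE = {"config-name", "vault-namespace", "cluster-url", "roleid", "secretid", "auth-name"}

def check_config(text):
    """Return a list of findings for the text of a secrets-config.json file."""
    try:
        entries = json.loads(text)["HCP"]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"no top-level HCP array: {exc!r}"]
    if not isinstance(entries, list):
        return ["HCP is not an array"]
    findings, seen = [], set()
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            findings.append(f"HCP[{i}]: not an object")
            continue
        for key in REQUIRED:
            if not entry.get(key):
                findings.append(f"HCP[{i}]: missing {key}")
        for key, value in entry.items():
            if isinstance(value, str) and value in TEMPLATE:
                findings.append(f"HCP[{i}]: {key} is still the template value")
        if urlparse(str(entry.get("location", ""))).scheme != "https":
            findings.append(f"HCP[{i}]: location is not https, so role_id/secret_id are sent unencrypted")
        alias = entry.get("alias")
        if isinstance(alias, str) and alias in seen:  # assumption: one alias, one Vault
            findings.append(f"HCP[{i}]: duplicate alias {alias}")
        seen.add(str(alias))
    return findings

def check_file(path="/etc/snaplogic/secrets-config.json"):
    """Check a file on disk; also flag modes that expose the credentials to other local users."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o007:
        findings.append(f"{path}: accessible to other users, tighten with chmod o-rwx")
    with open(path, encoding="utf-8") as fh:
        return findings + check_config(fh.read())

# Constructed sample input (hosts and IDs are made up for this example).
SAMPLE = """{ "HCP": [
  {"alias": "marketing", "namespace": "admin/marketing", "location": "https://vault.example.internal:8200", "role_id": "r-1", "secret_id": "s-1"},
  {"alias": "developers", "namespace": "admin/developers", "location": "http://vault.example.internal:8200/", "role_id": "r-2"},
  {"alias": "marketing", "namespace": "admin/marketing", "location": "cluster-url", "role_id": "roleid", "secret_id": "s-3"}
] }"""
```

Call check_file() on a node host, or check_config(SAMPLE) to see the findings for the constructed input; an empty list means no findings.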

Restrict secret usage to a project space

To restrict the use of secrets to a single project space:

  1. Add a project_space property in your secrets-config.json configuration file.

  2. Provide the path to the project space that contains the secrets.

For example, "project_space" : "/snaplogic/shared" constrains users to secrets stored in accounts in the snaplogic project space shared folder.