This article walks you through the steps required to integrate HashiCorp Vault with Hyperscience.
Configure HashiCorp Vault
To configure the HashiCorp Vault integration, follow the steps below:
In Vault, create a new authentication token for Hyperscience by following the steps in Vault’s token create documentation. Apply the appropriate token configuration as per your organization's policies.
In the config.hcl file, map any secrets to be retrieved to the appropriate environment variable. See the “Configure config.hcl” section below for more information.
In the “.env” file, set VAULT_ADDR and VAULT_TOKEN to their appropriate values. If your Vault deployment requires TLS, configure the following additional environment variables:
VAULT_CACERT
VAULT_CAPATH
VAULT_CLIENT_CERT
VAULT_CLIENT_KEY
To learn more about Vault’s environment variables, see HashiCorp’s
Confirm that the tool works outside of Hyperscience.
In the “.env” file, add the following variables and values:
HS_SECRETS_MANAGER=vault
VAULT_ADDR=http://vault.example.com:8200
VAULT_TOKEN=
Restart the Hyperscience application with the following commands. Make sure that the commands work as expected.
sudo bash run.sh init
sudo bash run.sh --restart --clean
Rotate the secrets and restart the application with the above commands again. Make sure that the Hyperscience application starts successfully upon restart.
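A pre-flight check for the “.env” settings named in the steps above, to run before each restart. This is an added example, not Hyperscience or HashiCorp code; the function names check_vault_env and env_value are hypothetical, and the file is assumed to hold plain KEY=value lines.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): validate the ".env" entries from this article.
# Usage: check_vault_env /path/to/.env   (exit status 0 only when nothing fails)

# Print the last value assigned to KEY ($2) in FILE ($1), without surrounding quotes.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/^["'\'']//' -e 's/["'\'']$//'
}

check_vault_env() {
    file=$1
    failures=0
    fail() { echo "FAIL: $1"; failures=$((failures + 1)); }
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }

    # VAULT_TOKEN sits in this file in clear text, so only the owner should have access.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        *00) ;;
        *) fail "$file has mode $mode; restrict it to the owner (chmod 600)" ;;
    esac

    [ "$(env_value "$file" HS_SECRETS_MANAGER)" = "vault" ] ||
        fail "HS_SECRETS_MANAGER is not set to vault"
    [ -n "$(env_value "$file" VAULT_TOKEN)" ] ||
        fail "VAULT_TOKEN is empty or missing"

    case "$(env_value "$file" VAULT_ADDR)" in
        https://*) ;;
        http://*) echo "WARN: VAULT_ADDR is http://; token and secrets travel unencrypted" ;;
        *) fail "VAULT_ADDR is missing or is not an http(s) URL" ;;
    esac

    # TLS variables, when set, must point at paths that exist.
    for var in VAULT_CACERT VAULT_CAPATH VAULT_CLIENT_CERT VAULT_CLIENT_KEY; do
        target=$(env_value "$file" "$var")
        [ -z "$target" ] || [ -e "$target" ] || fail "$var points to missing path $target"
    done

    # A client certificate and its key are only usable as a pair.
    cert=$(env_value "$file" VAULT_CLIENT_CERT)
    key=$(env_value "$file" VAULT_CLIENT_KEY)
    [ -n "$cert" ] && [ -z "$key" ] && fail "VAULT_CLIENT_CERT is set without VAULT_CLIENT_KEY"
    [ -z "$cert" ] && [ -n "$key" ] && fail "VAULT_CLIENT_KEY is set without VAULT_CLIENT_CERT"

    [ "$failures" -eq 0 ]
}
```

The check reads the file only and never contacts Vault, so it also works after a token rotation, before the application is restarted.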
Configure config.hcl
The config.hcl file defines a format for mapping an environment variable to a location where a secret is stored.
{
  path = "hs"
  no_prefix = true
}
In the example above, path instructs the application to read all key/value pairs under the hs prefix in Vault and return the key/value pairs as environment variables to Hyperscience. To learn more about the config.hcl file, see HashiCorp’s Configuration File guide.