Connecting HashiCorp Vault to the JFrog Platform
Connect the HashiCorp Vault you set up to the JFrog Platform by running the Vault Configuration REST API. The connection to the vault requires the following information:
- URL: The base URL of the vault server.
- Authentication: The authentication method used. For more information, see HashiCorp Vault Docs.
  - AppRole: Using a role ID and a secret ID.
  - TLS Certificate: Using a certificate and a private key.
  - Agent Auto-Auth: Using the vault agent running as a daemon.
    The Agent Auto-Auth method is only supported on Self-Hosted environments.
- Mounts: Secrets engines are mountable engines that store or generate secrets in vault. Provide the following for each mount:
  - Path: Secret engines are enabled at a "path" in vault.
  - Type: Vault supports several secret engines, each with different capabilities. The supported secret engine types are KV-v1 and KV-v2.
Retrieving Signing Keys from HashiCorp Vault
To retrieve the signing keys from HashiCorp Vault, use the following REST API commands to define the HashiCorp Vault key aliases. Using the REST API, the signing keys can be set inline, set as a reference to Vault, or deleted.
Artifactory GPG and RSA Signing Keys
Use the Create Key Pair REST API to point the JFrog Platform to the GPG and RSA signing keys stored in the vault.
Trusted Keys
Use the Upload and Propagate GPG Signing Keys for Distribution REST API to point the JFrog Platform to the GPG and RSA signing keys stored in the vault.
REST API Support
Vault integration can be done with the following REST API endpoints: