HashiCorp Vault connectors enable you to use a centralized secret management tool for the keys used to sign packages.
To set up HashiCorp Vault connectors:
Agent Auto-Auth: Using the vault agent running as a daemon.
The Agent Auto-Auth method is only supported on Self-Hosted environments.
Connect the HashiCorp Vault you set up to the JFrog Platform by running the Vault Configuration REST API. The connector to the vault requires the information detailed above (in the UI setup).
To be able to retrieve the signing keys from HashiCorp Vault, use the following REST API commands to define the HashiCorp Vault key aliases. Using the REST API, the signing keys can be either set inline, set as reference to Vault, or they can be deleted.
Use the Create Key Pair REST API to point the JFrog Platform to the GPG and RSA signing keys stored in the vault.
Use the Upload and Propagate GPG Signing Keys for Distribution REST API to to point the JFrog Platform to the GPG and RSA signing keys stored in the vault.
Vault integration can be done with the following REST API endpoints :