Hello,

I saw that you had integrated the "approle" authentication method into the HashiCorp Vault plugin for Digital.ai Release.

However, in my opinion, several things are seriously wrong.

The first is that in the definition of the Vault server, we cannot indicate the "mount_point" of the approle authentication engine that we wish to target.

Second point, the "secret-id" parameter should not be a Text variable but rather Password because it is sensitive data.

The goal of using HashiCorp Vault is to be able to point Password type variables to secrets present in HashiCorp Vault and today, this is not possible if the mount_point is not "approle".

Another point, in the Vault plugin tasks (let's take for example "Secrets V2-Read secret"), you put the "mount_point" field but it cannot be alone; you must propose here the connection methods (approle, PAT, etc.) and in each of these methods put the associated parameters (role-id and secret-id if you choose the Approle method, token if you choose PAT, etc.)

I think you should really work on this plugin because HashiCorp Vault is a very good tool to integrate with Digital.ai Release but the current plugin does not meet the needs at all.

Regards,

Jeremy

Comments

  • Thank you for your feedback. We have planned the following changes for the 24.3 release:

    - We will introduce the 'mount_point' field for the 'approle' authentication method in the Connections.
    - We will change the 'secret-id' parameter from a Text variable to a Password type to enhance security.
    - The 'mount_point' field will be part of the Connection, therefore selecting the connection on the task should take care of the mapping to 'approle'.

    Let us know if those changes would be helpful.

  • Hello,

    Yes, that's exactly what I was asking.

    It's great if you integrate it into the new version of Release.

    I just have to wait for this version to come out so I can offer this feature to users.

    Regards,

    Jeremy
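
The two points raised in this thread, a configurable AppRole mount point and a secret-id that is treated as a password, shown as an added example that is not code from the plugin or from Digital.ai. It builds the Vault HTTP API requests without sending them; the `AppRoleConnection` class, the helper names and all sample values are assumptions made for illustration.

```python
import json
from dataclasses import dataclass, field
from urllib.parse import quote
from urllib.request import Request


def safe_path(value: str) -> str:
    """Validate a user-supplied mount point or path and encode it for a URL."""
    parts = value.strip("/").split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError(f"invalid path component in {value!r}")
    return "/".join(quote(p, safe="") for p in parts)


@dataclass(frozen=True)
class AppRoleConnection:
    """Hypothetical connection record, not the plugin's own schema."""
    address: str
    role_id: str
    secret_id: str = field(repr=False)  # sensitive: kept out of repr() and logs
    mount_point: str = "approle"        # Vault's default AppRole mount path

    def login_request(self) -> Request:
        # Vault HTTP API: POST /v1/auth/<mount_point>/login
        url = f"{self.address.rstrip('/')}/v1/auth/{safe_path(self.mount_point)}/login"
        body = json.dumps({"role_id": self.role_id, "secret_id": self.secret_id})
        return Request(url, data=body.encode(), method="POST",
                       headers={"Content-Type": "application/json"})


def client_token(login_response: bytes) -> str:
    """Pull auth.client_token out of an AppRole login response body."""
    token = (json.loads(login_response).get("auth") or {}).get("client_token")
    if not token:
        raise ValueError("login response carries no auth.client_token")
    return token


def kv2_read_request(address: str, kv_mount: str, path: str, token: str) -> Request:
    # KV v2 read: GET /v1/<kv_mount>/data/<path>, authenticated by the token
    url = f"{address.rstrip('/')}/v1/{safe_path(kv_mount)}/data/{safe_path(path)}"
    return Request(url, headers={"X-Vault-Token": token}, method="GET")
```

The mount point is validated before it reaches the URL because it is operator-supplied input that ends up in a request path.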