HPE Community
HPE Morpheus Enterprise Software
1856403 Members
7119 Online
104112 Solutions
New Discussion

HashiCorp Vault Cypher Plugin

 
cdtaylor
Trusted Contributor

‎06-23-2022 08:32 AM

‎06-23-2022 08:32 AM

HashiCorp Vault Cypher Plugin

Hello,

I have started a HashiCorp Vault Cypher Plugin that supports both KV1 and KV2 vault secret engines. It is intended to extend upon the native vault integration that currently exists within Morpheus Cypher Core and provide extensible HashiCorp Vault secret engine support. Currently this plugin supports KV1 and KV2 engines but can be extended by the Community to support other engines within the future. The native Morpheus vault integration will only support KV2.

Please feel free to extend/add-to this plugin via public pull requests.

Update: 24/06/2022
HashiCorp Vault Cypher Plugin version 1.2.0 is designed to supersede the native vault integration and will use the “vault” mountpoint instead of “hashicorpVault”. Cypher — Morpheus Docs documentation will be updated with how to use the plugin. The plugin will also be made official on https://share.morpheusdata.com/

Update: 26/07/2022
The plugin has now merged into the official Morpheus HashiCorp Vault Plugin here: GitHub - gomorpheus/morpheus-vault-plugin: A Vault integration plugin for morpheus to offload credential storage to a remote secrets engine
The plugin JAR is now available for download here: Morpheus Marketplace
Documentation can be found on the repository README and the official Morpheus Docs. KV1 and KV2 engine support have been added to both Cypher and Credential integrations.

Reply
11 REPLIES 11
cdtaylor
Trusted Contributor

‎04-11-2023 03:33 AM

‎04-11-2023 03:33 AM

Re: HashiCorp Vault Cypher Plugin

Hello @Richard_Manoi apologies for the late update on this community post. As you may have already seen, the issue you faced with reading values (updated in the backend) was fixed late last year in version 1.3.0

Reply
Not applicable

‎07-26-2022 08:39 AM

‎07-26-2022 08:39 AM

Re: HashiCorp Vault Cypher Plugin

New content has been added to docs, along with a YouTube demo, detailing these updates to the Vault plugin. Nice work @ctaylor !

7e647d0f73660a37a774f882241511a0ba26c2aa.jpeg
0 Kudos
Reply
Not applicable

‎06-23-2022 08:57 AM

‎06-23-2022 08:57 AM

Re: HashiCorp Vault Cypher Plugin

Awesome @ctaylor

0 Kudos
Reply
cdtaylor
Trusted Contributor

‎06-23-2022 09:07 AM

‎06-23-2022 09:07 AM

Re: HashiCorp Vault Cypher Plugin

Here is how to save a secret into KV1:

00590d9d5bb0884cb0b295cc6e534a04eb845d80.png

0 Kudos
Reply
Not applicable

‎06-23-2022 08:51 AM

‎06-23-2022 08:51 AM

Re: HashiCorp Vault Cypher Plugin

Awesome nice work @ctaylor :smiley:

0 Kudos
Reply
cdtaylor
Trusted Contributor

‎09-09-2022 01:07 AM

‎09-09-2022 01:07 AM

Re: HashiCorp Vault Cypher Plugin

Hello, V1 in the log refers to the version of the API the plugin is using. V1 is the API version used for both KV1 and KV2 engines as can be seen here: morpheus-vault-plugin/AbstractVaultEngine.groovy at master · gomorpheus/morpheus-vault-plugin · GitHub.

I believe you should be using vault/kv2/secret/data/morpheus-credentials/test-kv2. You are missing /data/ from the path.

Thanks

0 Kudos
Reply
Not applicable

‎09-12-2022 10:03 PM

‎09-12-2022 10:03 PM

Re: HashiCorp Vault Cypher Plugin

Hello

I’ve still on the assessment and finding the possible application using the vault plugin on Morpheus. but I raised the issue anyway on the github

Thanks

0 Kudos
Reply
Not applicable

‎09-11-2022 10:02 PM

‎09-11-2022 10:02 PM

Re: HashiCorp Vault Cypher Plugin

Hello, thank you for the help, it’s working when I add the /data/ path

Also, an extra question, does this only work 1 way? Because if I change the secret value from the vault UI, it didn’t sync the new value when I decrypt it from the Cypher menu, while the Trust menu is able to sync the new secret value.

Thanks

0 Kudos
Reply
cdtaylor
Trusted Contributor

‎09-12-2022 05:29 AM

‎09-12-2022 05:29 AM

Re: HashiCorp Vault Cypher Plugin

Hello

I think that is something we should look into. Currently, if you are referencing pre-existing HashiCorp cypher entries (that have not been added via Tools → Cypher) directly within your automation scripts then Morpheus will read any changes made within the vault UI. If you have created a new HashiCorp Cypher entry via Tools → Cypher, then changes made in the Vault backend are not reflected in Morpheus.

You could raise this as an issue on the plugin github repository if this behaviour is impacting your usage?

0 Kudos
Reply
Not applicable

‎09-08-2022 08:41 PM

‎09-08-2022 08:41 PM

Re: HashiCorp Vault Cypher Plugin

Hello, I have a question about using the Vault on Cypher

Is this line for creating KV2 correct? because it failed and seems still requesting for v1 in the Morpheus log.
I’m also using a path that successfully used on the Trust → Credential menu

the line is:
vault/kv2/secret/morpheus-credentials/test-kv2

also screenshot:

feba2923ebd962fd6670c9d454ea61ccbfa252ba.png

Thank you

0 Kudos
Reply
cdtaylor
Trusted Contributor

‎07-26-2022 03:13 AM

‎07-26-2022 03:13 AM

Re: HashiCorp Vault Cypher Plugin

Update: 26/07/2022
The plugin has now merged into the official Morpheus HashiCorp Vault Plugin here: GitHub - gomorpheus/morpheus-vault-plugin: A Vault integration plugin for morpheus to offload credential storage to a remote secrets engine
The plugin JAR is now available for download here: Morpheus Marketplace
Documentation can be found on the repository README and the official Morpheus Docs. KV1 and KV2 engine support have been added to both Cypher and Credential integrations.

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.