Question about HashiCorp Vault setup

Hello,

We want to use the HashiCorp Vault component built into Pega.

However, we have a question:

Is it mandatory to use a “transit secret engine”, a feature existing in Vault that allows encrypting/decrypting data directly in Vault?

If so, it’s a problem, because we can’t set up the configuration at Richemont.

If this functionality isn’t necessary, can you please be clearer about the “Encryption service endpoint” and “Decryption service endpoint” fields to be filled in, and give some configuration examples?

As a reminder, we have based this on the official Pega documentation for this operation:

https://docs.pega.com/bundle/platform/page/platform/security/configure-hashicorp-vault-keystore-tsk.html

Best regards,

Olivier URITY

@OlivierU16966958 May I know what your exact requirement is?

In Pega, the HashiCorp Vault keystore is used to encrypt or decrypt application data.
To encrypt application data by using HashiCorp Vault, we need to specify the role ID, secret ID, authentication service endpoint, encryption service endpoint and decryption service endpoint, as mentioned in the keystore rule form.

If you want to customize this behavior, you can use the custom data page option of the keystore and write logic to connect to HashiCorp Vault and perform the encryption and decryption.
You can find more details here:

Example shown in step 2 of the sample activity pzSampleGetCustomMasterKey.

Hi @LakshmiBilla

We are trying to do a POC about integrating HashiCorp Vault with Pega Platform. We have configured HashiCorp Vault and it seems to be up and running. However, whenever we try to configure the keystore for HashiCorp Vault from Pega Platform, we get some errors due to URL validation. Kindly see the image with the configuration details below. I have shared the tracer logs related to this validation below as well. Any recommendations in order to solve this issue?

HashiCorp Vault Configuration Details

Tracer Logs

@LakshmiBilla Hi Lakshmi,

As mentioned, the below configuration is done and we are able to connect to HashiCorp Vault.

  1. Role ID
  2. Secret ID
  3. Authentication service endpoint
  4. Encryption service endpoint
  5. Decryption service endpoint

Our requirement is to retrieve the client ID and secrets from Vault for API configuration. It would be really appreciated if you could share the configuration steps to use inside the application.

Thanks,

Dinesh

@Dinesha Have you been able to check the screenshots I shared in my previous post? Pega Platform is executing some validation, I guess, so it is not accepting the URLs for decryption and encryption I’ve set.

@m.caldagi I couldn’t get a chance to check that. Anyway, I have implemented the HashiCorp configuration through API calls.

@Dinesha Got you. What I understood is that you are executing a Connect-REST rule through some activity method to call a RESTful service which communicates with the HashiCorp Vault server, instead of the way described below.

@m.caldag Exactly.
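The exchanges behind the five keystore values Lakshmi lists (role ID, secret ID, authentication endpoint, encryption endpoint, decryption endpoint) and the direct API calls Dinesh ended up using, as one added example that is not part of this thread and is neither Pega's nor HashiCorp's code. It assumes, which the thread does not confirm, that the authentication endpoint is Vault's AppRole login path (`/v1/auth/approle/login`) and that the encryption and decryption endpoints are Transit key paths (`/v1/transit/encrypt/<key>` and `/v1/transit/decrypt/<key>`); those are Vault's documented API routes, and the request and response shapes below follow them. It goes one step beyond the keystore case by also reading API credentials from a KV v2 secret, which is what Dinesh's requirement amounts to. The hostname `vault.example.internal`, the Transit key name `pega-master`, the KV path `secret/data/pega/api-creds`, the role/secret IDs and the sample plaintext are all constructed; `FakeVault` is an in-memory stand-in for the server so the example runs offline, and its keyed XOR is only a placeholder for the real engine's AES-256-GCM.

```python
"""AppRole login, Transit encrypt/decrypt and a KV v2 read against Vault's HTTP API.
Added example, not Pega's or HashiCorp's code. Assumes the keystore fields map onto
Vault's documented endpoints; FakeVault is a constructed offline stand-in."""
import base64
import json
import secrets
import urllib.request
from urllib.parse import urlparse


def validate_endpoint(url: str) -> str:
    """Reject endpoints that are not absolute http(s) URLs under Vault's /v1/ API."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"endpoint must be an absolute http(s) URL: {url!r}")
    if not parts.path.startswith("/v1/"):
        raise ValueError(f"endpoint path must start with /v1/: {url!r}")
    return url


def http_json(method, url, body=None, token=None):
    """Real transport: JSON request to Vault, client token carried in X-Vault-Token."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["X-Vault-Token"] = token
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class VaultClient:
    """Minimal client driven by the five keystore values the thread lists."""

    def __init__(self, auth_url, encrypt_url, decrypt_url, transport=http_json):
        self.auth_url = validate_endpoint(auth_url)
        self.encrypt_url = validate_endpoint(encrypt_url)
        self.decrypt_url = validate_endpoint(decrypt_url)
        self.call = transport
        self.token = None

    def login(self, role_id, secret_id):
        resp = self.call("POST", self.auth_url, {"role_id": role_id, "secret_id": secret_id})
        self.token = resp["auth"]["client_token"]
        return self.token

    def encrypt(self, plaintext: bytes) -> str:
        # Transit takes base64 plaintext and answers with "vault:v<n>:<ciphertext>".
        body = {"plaintext": base64.b64encode(plaintext).decode()}
        return self.call("POST", self.encrypt_url, body, self.token)["data"]["ciphertext"]

    def decrypt(self, ciphertext: str) -> bytes:
        resp = self.call("POST", self.decrypt_url, {"ciphertext": ciphertext}, self.token)
        return base64.b64decode(resp["data"]["plaintext"])

    def read_kv(self, secret_url: str) -> dict:
        # KV v2 read: GET /v1/<mount>/data/<path>; the fields sit under data.data.
        return self.call("GET", validate_endpoint(secret_url), None, self.token)["data"]["data"]


class FakeVault:
    """Constructed stand-in for a Vault server: one AppRole, one Transit key, one KV secret.
    The keyed XOR only lets the demo run offline; real Transit uses AES-256-GCM."""

    def __init__(self):
        self.role_id, self.secret_id = "demo-role-id", "demo-secret-id"
        self.token = "hvs." + secrets.token_hex(12)
        self.key = secrets.token_bytes(32)
        self.kv = {"secret/data/pega/api-creds": {"client_id": "demo-client", "client_secret": "demo-secret"}}

    def _xor(self, data: bytes) -> bytes:
        return bytes(b ^ self.key[i % 32] for i, b in enumerate(data))

    def __call__(self, method, url, body=None, token=None):
        path = urlparse(url).path
        if method == "POST" and path == "/v1/auth/approle/login":
            if body != {"role_id": self.role_id, "secret_id": self.secret_id}:
                raise PermissionError("invalid role_id or secret_id")
            return {"auth": {"client_token": self.token}}
        if token != self.token:
            raise PermissionError("permission denied")  # Vault answers HTTP 403 here
        if method == "POST" and path == "/v1/transit/encrypt/pega-master":
            ct = self._xor(base64.b64decode(body["plaintext"]))
            return {"data": {"ciphertext": "vault:v1:" + base64.b64encode(ct).decode()}}
        if method == "POST" and path == "/v1/transit/decrypt/pega-master":
            ct = base64.b64decode(body["ciphertext"].removeprefix("vault:v1:"))
            return {"data": {"plaintext": base64.b64encode(self._xor(ct)).decode()}}
        if method == "GET" and path.startswith("/v1/secret/data/"):
            return {"data": {"data": self.kv[path[len("/v1/"):]]}}
        raise LookupError(f"unsupported request: {method} {path}")


BASE = "https://vault.example.internal:8200"  # constructed hostname


def demo(transport=None) -> dict:
    """Log in, round-trip a value through Transit, then read API credentials from KV."""
    client = VaultClient(f"{BASE}/v1/auth/approle/login",
                         f"{BASE}/v1/transit/encrypt/pega-master",
                         f"{BASE}/v1/transit/decrypt/pega-master",
                         transport=transport or FakeVault())
    client.login("demo-role-id", "demo-secret-id")
    secret = b"constructed sample: card 4111-1111-1111-1111"
    ciphertext = client.encrypt(secret)
    creds = client.read_kv(f"{BASE}/v1/secret/data/pega/api-creds")
    return {"ciphertext": ciphertext, "roundtrip_ok": client.decrypt(ciphertext) == secret,
            "client_id": creds["client_id"]}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two points the thread raises fall out of the structure. First, the keystore flow only ever hands plaintext to the encryption endpoint and gets back a `vault:v1:…` token, so the key material never leaves Vault; that is exactly what the Transit engine provides, and a site that cannot enable Transit has nothing to point those two fields at, which is why the custom data page route Lakshmi mentions exists. Second, `validate_endpoint` is a stand-in for the kind of check that rejected the URLs in the screenshots: an absolute URL with a scheme and a `/v1/` API path is the shape Vault expects, so a relative path or a bare host fails before any request is sent. To run it against a real server, drop the `transport=` argument and pass genuine role and secret IDs.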