HashiCorp Vault

Overview

Firefly can integrate with HashiCorp Vault to track secrets engines and configurations, so you can ensure your Vault setup follows infrastructure as code principles. The integration tracks Vault's configuration and setup, not the secrets themselves, which keeps it in line with security best practices.

Prerequisites

  • HashiCorp Vault server with administrative access

  • Vault server address

  • A token with appropriate policies to read mounts and configurations

  • Access to create and manage policies

  • Ability to configure authentication methods

Setup Procedure

1. Create Required Policy

  1. Log in to your HashiCorp Vault account

  2. Navigate to Policies

  3. Create a new policy with the following permissions:

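# Read and list on every path. The "*" glob matches all paths in Vault,
# including paths that hold secret data.
path "*"
{
  capabilities = ["read","list"]
}

# Allow the token to renew itself.
path "auth/token/renew-self"
{
  capabilities = ["update"]
}

# Allow the token to create child tokens.
path "auth/token/create"
{
  capabilities = ["update", "create"]
}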
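
To review what the policy above grants before attaching it to a user, the following added example (not Firefly's or HashiCorp's code) evaluates it against request paths using Vault's rule that an exact path beats a glob and the longest glob prefix wins. The sample request paths are constructed, and `+` segment wildcards and merging across multiple policies are not handled.

```python
import re

# The policy from step 1, with paths and capabilities as given on this page.
FIREFLY_POLICY = '''
path "*"
{
  capabilities = ["read","list"]
}

path "auth/token/renew-self"
{
  capabilities = ["update"]
}

path "auth/token/create"
{
  capabilities = ["update", "create"]
}
'''

def parse_policy(hcl):
    """Return {path_pattern: set(capabilities)} for simple path blocks."""
    block = re.compile(
        r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}')
    return {pattern: set(re.findall(r'"([^"]+)"', caps))
            for pattern, caps in block.findall(hcl)}

def capabilities_on(rules, request_path):
    """Exact rule wins; otherwise the longest trailing-glob prefix applies."""
    if request_path in rules:
        return rules[request_path]
    best = None
    for pattern in rules:
        if pattern.endswith("*") and request_path.startswith(pattern[:-1]):
            if best is None or len(pattern) > len(best):
                best = pattern
    # No matching rule means the request is denied by default.
    return rules[best] if best is not None else {"deny"}

def audit(rules, paths):
    """Map each request path to its sorted list of granted capabilities."""
    return {p: sorted(capabilities_on(rules, p)) for p in paths}

# Constructed sample paths: two configuration endpoints, one KV v2 secret
# under an assumed "secret/" mount, and one path with its own exact rule.
SAMPLE_PATHS = ["sys/mounts", "sys/auth",
                "secret/data/app/db-password", "auth/token/create"]

if __name__ == "__main__":
    for path, caps in audit(parse_policy(FIREFLY_POLICY), SAMPLE_PATHS).items():
        print(f"{path:32} {caps}")
```

For the policy on this page, the `path "*"` rule yields read and list on the constructed secret path as well as on `sys/mounts` and `sys/auth`.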

2. Configure Authentication

  1. Navigate to Access

  2. Enable a new auth method of type userpass

  3. Create a new user

  4. Attach the previously created policy to the user

3. Verify Integration

  1. Go to the Inventory page

  2. Filter by Data Source = HashiCorp Vault

  3. Verify that your Vault configurations are showing up correctly

Configuration Details

  • Supports monitoring of:

    • Secrets engines

    • Authentication methods

    • Mount points

    • Policy configurations

  • Regular scanning of Vault configurations

  • Integration with Firefly's inventory management

  • Support for policy enforcement on Vault resources

  • Ability to create policies for:

    • Ensuring specific secrets engines are enabled

    • Verifying authentication methods are properly configured

    • Checking for required mount points

Best Practices

  1. Use read-only credentials for integration

  2. Regularly verify the integration is working as expected

  3. Monitor for configuration changes that might affect the integration

  4. Focus on integrating tools where Firefly adds value

  5. Keep track of which Vault configurations are being monitored

  6. Review and update policies as needed

  7. Maintain proper access controls in Vault

Troubleshooting

  1. For authentication issues:

    • Verify token permissions

    • Check if the token has expired

    • Ensure the policy is correctly configured

    • Verify Vault server address is correct

  2. For asset discovery issues:

    • Verify the integration is active in Firefly

    • Check if the token has access to required paths

    • Review Firefly integration logs

    • Verify Vault mount points are accessible

  3. For policy enforcement issues:

    • Verify the asset types are supported

    • Check policy configuration

    • Review Firefly policy logs

    • Ensure Vault resources are properly configured

Note: This integration focuses on tracking Vault's configuration and setup, not the secrets themselves. This approach aligns with infrastructure as code principles while maintaining security best practices.

Last updated 1 month ago