# How to integrate Hashicorp Vault

Out-of-the-box, both PagerDuty Process Automation (PPA) & Rundeck Community store all the keys and passwords in their own Key Storage using the database backend. Many people prefer to use a central Key Storage server to access all keys and passwords from a single secure location. This avoids saving secrets in multiple locations and reduces the risk of key/password leaks.

Some users prefer to integrate PPA/Rundeck Community with their Secrets Management solution rather than using the native product functionality. In this article, we demonstrate how to integrate PPA/Rundeck Community with the Hashicorp Vault plugin.

# Hashicorp Vault

Vault is an identity-based secret and encryption management system. A secret is anything that you want to tightly control access to, such as API encryption keys, passwords, or certificates. Vault provides encryption services that are gated by authentication and authorization methods. Using Vault’s UI, CLI, or HTTP API, secrets and other sensitive data can be securely stored and managed, with access that is tightly controlled (restricted) and auditable.

# Test Vault server

Before integrating Vault with PPA or Rundeck, you need to test the Vault server. If you don’t already have Vault installed, follow these steps:

  1. Download the Vault binary.
  2. Uncompress the file and save the executable in a specific location. In this example, it is saved in `/home/user/Programs/vault`.
  3. Start the server with the `./vault server -dev` command.
  4. Check the output: it shows the Vault server URL and the token to use to access it.

    Open the `VAULT_ADDR` URL in any browser to see the Vault web interface. Use the Root Token from the Vault output to log in.
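
The same check can be scripted. The following is an added example, not part of the original article: it reads the address and Root Token from saved `vault server -dev` output and confirms the server responds. The sample output, its token and the `vault-dev.log` file name are constructed placeholders.

```shell
#!/bin/sh
# Added example: extract the address and root token from `vault server -dev`
# startup output and confirm the server answers.

# Constructed sample of the dev-mode startup text (key and token are placeholders).
sample_dev_output() {
cat <<'EOF'
You may need to set the following environment variables:

    $ export VAULT_ADDR='http://127.0.0.1:8200'

Unseal Key: CONSTRUCTED-UNSEAL-KEY-PLACEHOLDER
Root Token: hvs.CONSTRUCTED-ROOT-TOKEN-PLACEHOLDER

Development mode should NOT be used in production installations!
EOF
}

# Read dev-server output on stdin, print the API address.
vault_addr_from_log() {
  sed -n "s/.*export VAULT_ADDR='\([^']*\)'.*/\1/p" | head -n 1
}

# Read dev-server output on stdin, print the root token.
vault_root_token_from_log() {
  sed -n 's/^Root Token:[[:space:]]*\([^[:space:]]*\).*/\1/p' | head -n 1
}

# Dev mode serves plain HTTP, so only accept a loopback address.
is_loopback_addr() {
  case "$1" in
    http://127.0.0.1:*|http://localhost:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: verify_dev_vault vault-dev.log  (needs the vault binary on PATH)
verify_dev_vault() {
  VAULT_ADDR=$(vault_addr_from_log < "$1")
  VAULT_TOKEN=$(vault_root_token_from_log < "$1")
  is_loopback_addr "$VAULT_ADDR" || { echo "refusing non-loopback $VAULT_ADDR" >&2; return 1; }
  export VAULT_ADDR VAULT_TOKEN
  vault status && vault token lookup >/dev/null && echo "Vault reachable at $VAULT_ADDR"
}

# Run against a saved log when one is given, e.g. after:
#   ./vault server -dev > vault-dev.log 2>&1 &
if [ "$#" -gt 0 ]; then verify_dev_vault "$1"; fi
```

The root token printed by a dev server grants full access, so keep the saved log file readable only by your own user and delete it when the test is finished.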


# Configuring Vault with PPA / Rundeck