Self-Service HashiCorp Vault Secret Creation with Morpheus

HashiCorp Vault is a popular open-source secrets management platform. It supports static secrets, dynamic credentials, encryption as a service and other features. Organizations that use HashiCorp Vault develop workflows or patterns for consuming the platform or integrating it into their environment. Operational workflows in Morpheus orchestrate automation tasks such as Ansible playbooks, Bash scripts, Python scripts and others. The Morpheus self-service catalog provides a simplified method for requesting instances, blueprints and operational workflows. In this blog post we’ll look at how the Morpheus platform provides a self-service portal for creating HashiCorp Vault secrets.

Self-Service Operational Workflow

The first thing we need to do is create a Python script task that creates the HashiCorp Vault secret. The Python hvac library provides a simple way to interact with a HashiCorp Vault instance from Python. The script uses the create or update secret method for KV v2 secrets engines. Finally, the non-sensitive inputs are returned as a JSON payload.
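The script task described above could look like the following; it is an added example, not the script from the original post. The input allow-list, the `SECRET_*` environment variable names and the JSON key names are assumptions of this example, while `VAULT_ADDR` and `VAULT_TOKEN` are the usual Vault client variables.

```python
import json
import os
import re

# Assumed allow-list for requester-supplied names: each segment starts with an
# alphanumeric, "_" or "-", which rules out "", ".", ".." and whitespace.
_NAME = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9_.-]*")


def _check(label, value, allow_slash=False):
    """Reject names that could escape the intended mount point or path."""
    parts = value.split("/") if allow_slash else [value]
    if not all(_NAME.fullmatch(p) for p in parts):
        raise ValueError(f"invalid {label}: {value!r}")


def create_secret(client, mount_point, path, key, value, cas=None):
    """Write {key: value} to a KV v2 engine; return non-sensitive inputs as JSON."""
    _check("mount point", mount_point)
    _check("secret path", path, allow_slash=True)
    _check("secret key", key)
    if not value:
        raise ValueError("secret value must not be empty")
    # A KV v2 write stores a new version holding exactly this data; keys already
    # at the path are not carried over. cas=0 refuses to overwrite an existing secret.
    client.secrets.kv.v2.create_or_update_secret(
        path=path, secret={key: value}, cas=cas, mount_point=mount_point)
    # The secret value is deliberately left out of the task output.
    return json.dumps(
        {"mount_point": mount_point, "secret_path": path, "secret_key": key})


def main():
    import hvac  # imported here so create_secret() can be exercised without hvac
    client = hvac.Client(url=os.environ["VAULT_ADDR"],
                         token=os.environ["VAULT_TOKEN"])
    if not client.is_authenticated():
        raise SystemExit("Vault authentication failed")
    # SECRET_* are hypothetical names for the values the option types supply.
    print(create_secret(client, os.environ["SECRET_MOUNT"],
                        os.environ["SECRET_PATH"], os.environ["SECRET_KEY"],
                        os.environ["SECRET_VALUE"]))


if __name__ == "__main__":
    main()
```

The token the task runs with should be bound to a Vault policy that only permits writes under the mount points offered in the catalog, so the allow-list is not the only control.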

With the Python script created, the task is associated with an operational workflow. The script parameters are exposed to the requestor via option types that are associated with the workflow.

The operational workflow can be executed from the Automation section of the Morpheus UI, but we want to create a self-service catalog for the workflow. Once you’ve created the associated catalog item, the operational workflow can be ordered from the service catalog.

The ordered item will appear in the Morpheus service catalog inventory. The mount point, secret path and secret key will be displayed in the run result output.

Once the workflow has completed successfully, you can go into the HashiCorp Vault UI and view the newly created secret. The new secret is at the mount point/backend and path that were specified in the self-service request.
