a3dfde5cec
* conversion stage 1 * correct image paths * add sidebar title to frontmatter * docs/concepts and docs/internals * configuration docs and multi-level nav corrections * commands docs, index file corrections, small item nav correction * secrets converted * auth * add enterprise and agent docs * add extra dividers * secret section, wip * correct sidebar nav title in front matter for apu section, start working on api items * auth and backend, a couple directory structure fixes * remove old docs * intro side nav converted * reset sidebar styles, add hashi-global-styles * basic styling for nav sidebar * folder collapse functionality * patch up border length on last list item * wip restructure for content component * taking middleman hacking to the extreme, but its working * small css fix * add new mega nav * fix a small mistake from the rebase * fix a content resolution issue with middleman * title a couple missing docs pages * update deps, remove temporary markup * community page * footer to layout, community page css adjustments * wip downloads page * deps updated, downloads page ready * fix community page * homepage progress * add components, adjust spacing * docs and api landing pages * a bunch of fixes, add docs and api landing pages * update deps, add deploy scripts * add readme note * update deploy command * overview page, index title * Update doc fields Note this still requires the link fields to be populated -- this is solely related to copy on the description fields * Update api_basic_categories.yml Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages. * Add bottom hero, adjust CSS, responsive friendly * Add mega nav title * homepage adjustments, asset boosts * small fixes * docs page styling fixes * meganav title * some category link corrections * Update API categories page updated to reflect the second level headings for api categories * Update docs_detailed_categories.yml Updated to represent the existing docs structure * Update docs_detailed_categories.yml * docs page data fix, extra operator page remove * api data fix * fix makefile * update deps, add product subnav to docs and api landing pages * Rearrange non-hands-on guides to _docs_ Since there is no place for these on learn.hashicorp, we'll put them under _docs_. * WIP Redirects for guides to docs * content and component updates * font weight hotfix, redirects * fix guides and intro sidenavs * fix some redirects * small style tweaks * Redirects to learn and internally to docs * Remove redirect to `/vault` * Remove `.html` from destination on redirects * fix incorrect index redirect * final touchups * address feedback from michell for makefile and product downloads
6.9 KiB
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| docs | Partnerships - Vault Integration Program | docs-partnerships | Guide to partnership integrations and creating plugins for Vault. |
Vault Integration Program
The Vault Integration Program (VIP) enables vendors to build integrations with HashiCorp Vault that are officially tested and approved by HashiCorp. The program is intended to be largely self-service, with links to code samples, documentation and clearly defined integration steps.
Types of Vault Integrations
By leveraging Vault's plugin system, vendors are able to build extensible secrets, authentication, and audit plugins to extend Vault's functionality. These integrations can be done with the OSS (open-source) version of Vault. Hardware Security Module (HSM) integrations need to be tested against Vault Enterprise since the HSM functionality is only supported in the Vault Enterprise version.
Authentication Methods: Auth methods are the components in Vault that perform authentication and are responsible for assigning identity and a set of policies to a user.
Vault Secrets Engine: Secrets engines are components which store, generate, or encrypt data. Secrets engines are incredibly flexible, so it is easiest to think about them in terms of their function. Secrets engines are provided some set of data, they take some action on that data, and they return a result.
Audit Devices: Audit devices are the components in Vault that keep a detailed log of all requests and response to Vault. Because every operation with Vault is an API request/response, the audit log contains every authenticated interaction with Vault, including errors. (no plugin interface - built into Vault Core. Leave it there - no reqs yet but expect some soon)
Hardware Security Module (HSM): HSM support is a feature of Vault Enterprise that takes advantage of HSMs to provide Master Key Wrapping, Automatic Unsealing and Seal Wrapping via the PKCS#11 protocol ver. 2.2+.
Cloud / Third Party Autounseal Integration: Non-PKCS#11 integrations with secure external data stores (e.g.: AWS KMS, Azure Key Vault) to provide Autounsealing and Seal-Wrapping.
Storage Backend: A storage backend is a durable storage location where Vault stores its information.
Development Process
The Vault integration development process is described into the steps below. By following these steps, Vault integrations can be developed alongside HashiCorp to ensure new integrations are reviewed, certified and released as quickly as possible.
- Engage: Initial contact between vendor and HashiCorp
- Enable: Documentation, code samples and best practices for developing the integration
- Develop and Test: Integration development and testing by vendor
- Review/Certification: HashiCorp code review and certification of integration
- Release: Vault integration released
- Support: Ongoing maintenance and support of the integration by the vendor.
1. Engage
Please begin by completing Vault Integration Program webform to tell us about your company and the Vault integration you’re interested in.
2. Enable
Here are links to resources, documentation, examples and best practices to guide you through the Vault integration development and testing process:
General Vault Plugin Development:
Secrets Engines
Authentication Methods
- Auth Methods documentation
- Example of how to build, install, and maintain auth method plugins plugin
- Sample plugin code
Audit Devices
HSM Integration
Storage Backends
Storage configuration documentation
Community Forum
Vault developer community forum
3. Develop and Test
The only knowledge necessary to write a plugin is basic command-line skills and knowledge of the Go programming language. Use the plugin interface to develop your integration. All integrations should contain unit and acceptance testing.
4. Review
HashiCorp will review and certify your Vault integration. Please send the Vault logs and other relevant logs for verification at: vault-integration-dev@hashicorp.com. For Auth, Secret and Storage plugins, submit a GitHub pull request (PR) against the Vault project (https://github.com/hashicorp/vault). Where applicable, the vendor will need to provide HashiCorp with a test account.
5. Release
At this stage, the Vault integration is fully developed, documented, tested and certified. Once released, HashiCorp will officially list the Vault integration.
6. Support
Many vendors view the release step to be the end of the journey, while at HashiCorp we view it to be the start. Getting the Vault integration built is just the first step in enabling users. Once this is done, on-going effort is required to maintain the integration and address any issues in a timely manner. The expectation for vendors is to respond to all critical issues within 48 hours and all other issues within 5 business days. HashiCorp Vault has an extremely wide community of users and we encourage everyone to report issues however small, as well as help resolve them when possible.
Checklist
Below is a checklist of steps that should be followed during the Vault integration development process. This reiterates the steps described above.
- Complete the Vault Integration webform
- Develop and test your Vault integration following examples, documentation and best practices
- When the integration is completed and ready for HashiCorp review, send the Vault and other relevant logs to us for review and certification at: vault-integration-dev@hashicorp.com
- Once released, plan to support the integration with additional functionality and responding to customer issues
Contact Us
For any questions or feedback, please contact us at: vault-integration-dev@hashicorp.com