Document toolboxDocument toolbox

Obtaining Credentials from Hashicorp Vault

Hashicorp Vault is available as an option to provide credentials for Devo SOAR integrations and event types. The information required to obtain credentials from Hashicorp is stored in Devo SOAR secret engine records.

Devo SOAR currently supports KV secret engine.

To use Hashicorp for connections for integration and event types, follow this process in Devo SOAR, obtaining information as needed from Hashicorp:

  1. Create a secret engine to store the information for your Hashicorp Vault account. Copy and paste the needed information from Hashicorp Vault.

  2. Set up a connection for an integration or event type, selecting the appropriate Hashicorp Vault options. Verify that the connection is successful.

  3. Open a playbook and add an integration or event type. As part of the configuration, select the connection you set in the previous step and specify a vault option for the Hashicorp credentials.

Add a Secret Engine

  1. Navigate to Settings > Credentials Store.

  2. Click New Secret Engine.

  3. Enter a Name and ** Description**.

  4. Copy the following information from Hashicorp Vault.

  5. Approle ID Example: 7294b4d1-3f0a-4578-b68f-ba6d26a1c1b8

  6. Approle Secret Example: e4396eda-569f-4297-8c90-5ea971568566

  7. Approle path Example: https\://your-vault-address:8200/v1/auth/approle/login

  8. Paste the values into the indicated fields on the New Secret Engine screen. For the Approle path, make sure to use an absolute path that starts with https\://

  9. Devo SOAR supports Hashicorp KV secret engine v1 and v2. You can either create a new KV secret engine or use an existing one.
    To configure to use a secret engine provide the relative path of that KV secret engine. Here in example, KV engine is created at path `secrets/kv-v2'

So you have to use kv-v2 in config

  1. Scroll down in the Add Secret Engine screen to display the Secret Engine Configuration settings. Paste the relative path into the Path field.

  1. Select the version of KV engine.

  2. In the TTL field, enter the length of time you want to store the credentials in the Devo SOAR cache. If you enter 0, the credentials will be fetched from Hashicorp each time an authentication request is made.

  3. Click Save.
    Note: Check How to store credentials in KV secret engine at the section below to know how to store credentials in KV engine to be used by Devo SOAR.

The new credentials are saved, enabled, and listed on the Settings > Credentials Store page. You can now use credentials that are stored in your Hashicorp account for integrations and event types.

How to Store Credentials in KV Secret Engine

If you want to use credentials that you store in Hashicorp Vault, they should be stored in key-value pairs. The key should be the same as the labels of fields in the Devo SOAR UI. For example, Cyberreason uses username and password for credentials.

In Devo SOAR for Cyberreason Credential labels are as following:

  1. Email Address/Username

  2. Password

(* is symbol for mandatory fields )

Correspondingly, in HashiCorp Vault, it should be stored as following (give any meaningful label for these, here it is Cyberreason-IJ in path "kv-v2")

  1. key = Email Address/Username, Value =

  2. key = Password, Value =

Set Up a Connection with Hashicorp Credentials

Access the connections setup in any of these ways:

  • On the Connections page, select New.

  • On the Automation > Integrations page, find the integration you’re looking for, click Details, and then click +.

  • From a playbook, add an integration, add a step and select the integration or event type you want to use. When prompted for a connection, select the option to create a new one.

For the connections setup, select one of these options:

  • To obtain credentials from Hashicorp Vault, select Fetch from the Vault and then choose a credentials option from the dropdown list that appears.

  • To use the credentials that are stored in Devo SOAR, select Manual Entry. When you select Manual Entry, the applicable parameters are displayed, as in the following example for which API Token is needed for authentication.

Note

If you want to use credentials that you store in Hashicorp Vault for manual entry, keep in mind that they are stored in key-value pairs. The key should be the same as the labels of fields in the Devo SOAR UI.
For example, case management uses API token. In HashiCorp Vault, it is stored as
key = API Token
Value =

To save the settings and connect, click Connect. When the connection is made, the integration or event type is available to be used in a playbook.

Example Use in Playbook

In the Easy Mode editor, search for the integration and select it. As part of the integration setup, select the connection that you set up. (If you haven’t yet created a new connection click Create a New Connection and follow the instructions in the previous section.)

Complete the setup and click Submit. If the connection is valid, the credentials are supplied automatically and the results of the integration are displayed in the results panel.

Manage Credentials

To manage your existing secret engines and create new ones, open the Settings > Credentials Store page.

Information about each is listed, including the secret keys that are used.

Perform any of the following actions from the More (...) menu.

  • Edit. Make changes to an existing secret engine.

  • Refresh. Update the credentials cache.

  • Disable. Disconnect the secret engine without removing the connection. If you edit a playbook that has a disabled engine, no new data is ingested. If you refresh the results table, an error message is displayed.

  • Enable. Restart an engine that was previously disabled.

  • Remove. Delete the secret engine from all of the connections that use it. The secret engine configuration is lost and cannot be recovered. All results that involve the engine will now fail.