Skip to content

HashiCorp Vault Troubleshooting and Validation

This section provides validation steps and troubleshooting procedures for the HashiCorp Vault integration.


Management → Accounts & Integrations → HashiCorp Vault → Troubleshooting and Validation


Validation Steps

  1. Verify connection in the dashboard

    In the SailPoint Entro Dashboard, navigate to Management → Accounts & Integrations → HashiCorp Vault and confirm the connection status displays Verified.

  2. Check last synchronization

    Ensure that Last Synchronization Timestamp is recent.

  3. Confirm discovered secrets

    Check for discovered secret metadata under Findings → Inventory.

  4. Review connector logs

    Review the Worker Group (Connector) logs for successful scan events.


Command-Line Verification (Optional)

Note

You can validate Vault connectivity using the following command. It should return details about the token including its TTL, policies, and accessor.

Validate Vault token

vault token lookup

Common Issues and Resolutions

Issue Possible Cause Resolution
“Permission denied” Insufficient ACL permissions Verify ACL includes list, read, and update capabilities
Token expired Token TTL reached Renew or recreate token with renewable=1
Connection timeout Network restrictions Ensure Vault API is reachable via HTTPS (port 8200)
Missing findings KV engine access missing Add KV2 metadata permissions per refined ACL

Advanced Diagnostics

  • Review SailPoint Entro Worker logs for Vault sync events and response codes

  • Check Vault audit logs for token activity or permission denials

  • Ensure Vault token policies match SailPoint Entro’s ACL configuration


Security & Compliance Notes

  • Integration is read-only; no write or modify actions occur

  • All communications encrypted via TLS 1.2+

  • Tokens securely stored and encrypted (AES-256)

  • Integration aligns with SOC 2 Type II, ISO 27001, and GDPR standards