HashiCorp Vault Troubleshooting and Validation
This section provides validation steps and troubleshooting procedures for the HashiCorp Vault integration.
Navigation Path
Management → Accounts & Integrations → HashiCorp Vault → Troubleshooting and Validation
Validation Steps
-
Verify connection in the dashboard
In the SailPoint Entro Dashboard, navigate to Management → Accounts & Integrations → HashiCorp Vault and confirm the connection status displays Verified.
-
Check last synchronization
Ensure that Last Synchronization Timestamp is recent.
-
Confirm discovered secrets
Check for discovered secret metadata under Findings → Inventory.
-
Review connector logs
Review the Worker Group (Connector) logs for successful scan events.
Command-Line Verification (Optional)
Note
You can validate Vault connectivity using the following command. It should return details about the token including its TTL, policies, and accessor.
Validate Vault token
Common Issues and Resolutions
| Issue | Possible Cause | Resolution |
|---|---|---|
| “Permission denied” | Insufficient ACL permissions | Verify ACL includes list, read, and update capabilities |
| Token expired | Token TTL reached | Renew or recreate token with renewable=1 |
| Connection timeout | Network restrictions | Ensure Vault API is reachable via HTTPS (port 8200) |
| Missing findings | KV engine access missing | Add KV2 metadata permissions per refined ACL |
Advanced Diagnostics
-
Review SailPoint Entro Worker logs for Vault sync events and response codes
-
Check Vault audit logs for token activity or permission denials
-
Ensure Vault token policies match SailPoint Entro’s ACL configuration
Security & Compliance Notes
-
Integration is read-only; no write or modify actions occur
-
All communications encrypted via TLS 1.2+
-
Tokens securely stored and encrypted (AES-256)
-
Integration aligns with SOC 2 Type II, ISO 27001, and GDPR standards