HashiCorp Vault
The HashiCorp Vault Integration enables SailPoint Entro to continuously monitor your Vault environment and identify secrets, tokens, and metadata associated with Non-Human Identities (NHIs). This integration operates in read-only mode to ensure maximum security while providing complete visibility into vaulted secrets and metadata.
Navigation Path
Management → Accounts & Integrations → Add New Account (top right) → HashiCorp Vault
Purpose
HashiCorp Vault is commonly used to store and manage secrets across enterprise systems. SailPoint Entro integrates with Vault to:
-
Discover and analyze secret metadata across paths
-
Correlate secret ownership with NHIs
-
Identify configuration and policy misconfigurations
-
Provide continuous monitoring without secret value access
Architecture
┌───────────────────────────────┐
│ Entro Security Cloud │
│ (Secret & NHI Detection) │
└──────────────┬────────────────┘
│ HTTPS (TLS 1.2+)
▼
┌───────────────────────────────┐
│ HashiCorp Vault │
│ (Secrets, Policies, Tokens) │
└───────────────────────────────┘
Security Model
-
SailPoint Entro connects using a read-only ACL policy
-
No secret values or credentials are ever extracted
-
All tokens and policies are encrypted using AES-256
-
All communication occurs via HTTPS/TLS 1.2+
-
Integration complies with SOC 2 Type II, ISO 27001, and GDPR
Integration Flow
-
Create a Vault ACL policy
Create a Vault ACL policy for SailPoint Entro read-only access.
-
Generate a Vault token
Generate a Vault token bound to the created policy.
-
Provide Vault Server URL and Token
Provide the Vault Server URL and Token in the SailPoint Entro onboarding form.
-
Validation and scanning
SailPoint Entro validates connectivity and begins scanning Vault metadata.