Skip to Content
Administrator ManualGeneralSystemIntegrationsIntegrating with Secret Store

Overview

In the Integrations menu, you can enter and manage Secret Store information.

Through Secret Store, you can securely manage DB and server authentication information, and safely connect to DB and servers without directly exposing authentication information to users. When storing connection information, you can configure it to authenticate by retrieving authentication information from Secret Store rather than storing it within QueryPie.

The actual use of Secret Store can be configured in the Security menu. The following is a list of Secret Store services currently supported by QueryPie.

  • HashiCorp Vault
  • Microsoft Active Directory

Prerequisites for Vault Integration:

  1. Vault Server for QueryPie Integration:
    • To integrate with Vault, the Vault server must be running. The Vault service must be running, able to process API requests, and perform authentication in Vault.
  2. Authentication Information for Resources Stored in Vault:
    • To integrate with Vault, authentication information for services (e.g., DB, Server, etc.) that will connect to Vault must be pre-stored. This means having access permissions and authentication information (e.g., Username, Password, API keys, etc.) for the services to be integrated stored in Vault.
  3. Correct Path for Retrieving Authentication Information:
    • The path used to identify credentials stored in Vault must be accurate. This refers to the path that specifies which credentials to retrieve from Vault. This path is connected to resources and credentials stored in Vault.

To actually store authentication information in Secret Store from QueryPie, you must enable Secret Store usage in the Security page after completing Vault integration. For detailed information, please refer to the Security l Secret Store configuration documentation.

Viewing HashiCorp Vault Integration Information

Administrator > General > System > Integrations > HashiCorp Vault

Administrator > General > System > Integrations > HashiCorp Vault

  1. Navigate to Administrator > General > System > Integrations menu.
  2. Click on the HashiCorp Vault tile under Secret Store.
  3. You can view the list of currently integrated Vault instances.

Deleting HashiCorp Vault Integration Information

To disable Secret Store activation in the Administrator > General > Security page, you must first delete all integrated Vault information. The following is how to delete integration information.

Administrator > General > System > Integrations > HashiCorp Vault > Delete

Administrator > General > System > Integrations > HashiCorp Vault > Delete

  1. When you select a checkbox in the table, a Delete button appears in the header area. Click the button.
  2. Click the OK button in the deletion confirmation modal.
  3. Confirm that the selected list item has been deleted from the list.

Entering HashiCorp Vault Integration Information

Administrator > General > System > Integrations > HashiCorp Vault > Connect

Administrator > General > System > Integrations > HashiCorp Vault > Connect

  1. Click the Connect button on the HashiCorp Vault page.
  2. Name : Enter the name of the Secret Store.
  3. Service : Select the service (DB or Server) that will use this Secret Store connection.
    1. Service items cannot be changed after saving.
  4. Enter authentication information for integration according to the selected Secret Store type.
    1. Server Address : Enter the address of the Secret Store server.
    2. Auth Method : Select the authentication method between QueryPie and Vault.
      1. Token : Authentication method using a Token issued by Vault.
      2. AppRole : Authentication method using a combination of Role ID and Secret ID.
        1. Role ID : Unique identifier required for AppRole authentication.
        2. Secret ID : Secret credentials required for login.
    3. Secret Engine : Select the Secret Engine type of Hashicorp Vault.
      1. Currently supports 4 types: Database, K/V, SSH OTP, SSH CA engines.
      2. Secret Engine cannot be changed after saving.
      3. To change, you need to disable Secret Store settings for all connections and reconfigure.
  5. Namespace : Enter the Vault Namespace.
    1. Namespace items cannot be changed after saving.
  6. After entering all necessary information, click the Verify integration button.
    1. If all information is entered correctly: :check_mark: Success message will be displayed.
  7. Click the OK button to save.

Prerequisites for Active Directory Integration:

  1. Active Directory Server : The AD server to be integrated with QueryPie must be running normally and support LDAPS (LDAP over SSL) connections.
  2. Administrator Account Information : Information (username, password) of an account with permissions to connect to AD and change passwords of other user accounts is required.
  3. Network Settings : QueryPie server must be able to access the LDAPS port (default: 636) of the AD server.

Viewing Active Directory Integration Information

Administrator > General > System > Integrations > Microsoft Active Directory

Administrator > General > System > Integrations > Microsoft Active Directory

  1. Navigate to Administrator > General > System > Integrations menu.
  2. Click on the Microsoft Active Directory (AD) tile.
  3. You can view the list of currently integrated AD information.

Deleting Active Directory Integration Information

Screenshot-2025-07-22-at-11.33.43-AM.png

  1. Select the checkbox for the AD information item you want to delete in the table, and a Delete button will appear in the header area. Click that button.
  2. Click the OK button in the deletion confirmation modal.
  3. Confirm that the selected item has been deleted from the list.

Important Notes When Deleting Active Directory Before deleting Active Directory integration information, you must first delete all individual accounts (UPN) connected to that AD domain. Please proceed with the following procedure after deleting all related accounts in Admin > Servers> Account Management > Active Directory tab.

Entering Active Directory Integration Information

Screenshot-2025-07-22-at-11.33.26-AM.png

  1. Click the + Connect button on the Active Directory page.
  2. Enter the information required for integration.
    1. Name : Enter the name of the integration information.
    2. Domain Information : Enter the domain name of the Active Directory that will manage passwords.
    3. Server Address : Enter the address of the Active Directory server.
    4. Auth Type : Authentication method is fixed to LDAPS.
    5. Port : Enter the LDAPS port number. (Default: 636)
    6. Admin Account : Enter the username of the administrator account that will connect to AD. This account needs permissions to change passwords of other users.
    7. Admin Password : Enter the password of the administrator account.
  3. After entering all information, click the Verify Integration button to verify integration with the AD server.
  4. When the integration verification success message is displayed, click the Save button to complete the setup.
Last updated on
Integrating with SplunkIntegrating with Email