Secret Store Integration

Overview

In the Integrations menu, you can input and manage information for the Secret Store.

Secret Store allows secure management of database and server credentials, enabling safe access to databases and servers without exposing credentials directly to users. You can configure it to retrieve authentication information from the Secret Store rather than storing it internally in QueryPie.

The actual use of Secret Store can be configured in the Security menu. Here is a list of Secret Store services currently supported or planned to be supported by QueryPie.

• HashiCorp Vault

• AWS Secret Manager (planned support)

Prerequisites for Vault Integration:

1. Vault Server for QueryPie Integration:

   • The Vault server must be operational. It should be running, capable of handling API requests, and able to perform authentication processing.

2. Credentials Stored in Vault:

   • To integrate with Vault, you must pre-store the authentication information for services (e.g., databases, servers) that will access Vault. This includes the access rights and authentication details (e.g., username, password, API key) for the services you intend to integrate.

3. Correct Path for Credential Retrieval:

   • The path used to identify credentials in Vault must be accurate. This path specifies which credentials to retrieve from Vault and links to the stored resources and credentials.

• For more detailed configuration of Vault, please refer to the official Hashicorp Vault Documentation.

To store authentication information in Secret Store within QueryPie, you need to enable Secret Store usage on the Security page after completing the Vault integration. For detailed instructions, refer to the Security > Secret Store Configuration document.

Viewing HashiCorp Vault Integration Information

1. Navigate to the Administrator > General > System > Integrations > HashiCorp Vault menu.

2. Click the HashiCorp Vault tile under Secret Store.

3. View the list of currently integrated Vault instances.

Deleting HashiCorp Vault Integration Information

Navigate to the Administrator > General > Security to disable Secret Store on the Security Page. You must first delete all integrated Vault information. Delete all linked Vault configurations to disable Secret Store.

1. Select checkboxes in the table to display the Delete button in the header area. Click the button.

2. In the confirmation modal, click OK button.

3. Confirm the deletion of the selected items in the list.

Entering HashiCorp Vault Integration Information

1. Click the Connect button on the HashiCorp Vault page.

2. Name : Enter a name for the Secret Store.

3. Service : Select the service (DB or Server) to use with this Secret Store.

   1. The Service field cannot be changed after saving.

4. Enter the authentication information for integration according to the selected Secret Store type.

   1. Server Address : Enter the address of the Secret Store server.

   2. Auth Method : Choose the authentication method for QueryPie and Vault. 

      1. Currently, token-based authentication is supported.

   3. Secret Engine : Select the type of HashiCorp Vault Secret Engine. 

      1. Supported types are Database and K/V engine 2.

      2. Secret Engine cannot be changed after saving.

      3. If you need to make changes, you must first remove the Secret Store settings from all connections and then reconfigure them.

5. Namespace : Enter the Vault namespace.

6. Once you have entered all the required information, click the Verify Integration button.

   1. If all information is correctly entered, a Success message will appear.

7. Click OK to save the settings.