HashiCorp Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
A modern system requires access to a multitude of secrets: database credentials, API keys for external services, credentials for service-oriented architecture communication, etc. Understanding who is accessing what secrets is already very difficult and platform-specific. Adding on key rolling, secure storage, and detailed audit logs is almost impossible without a custom solution. This is where Vault steps in.
ServiceNow® MID servers can use the Vault Credential Resolver to fetch the credentials needed for Discovery directly from Vault at run time, instead of storing them in the ServiceNow credential store.
The following features are supported by the Vault Credential Resolver:
- KV (v1 and v2), Active Directory and AWS secrets engines.
- Communication with Vault through Vault Agent: the resolver talks to a local Vault Agent, and the Agent authenticates to Vault and forwards the requests.
- TLS on the connection between the MID server and Vault Agent.
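The two configuration pieces a practitioner needs to make the list above work are a Vault Agent that listens over TLS and a policy that grants the Agent's token read access to the discovery credentials only. The following is an added example written for this page, not configuration shipped with the resolver or with Vault. It assumes a KV v2 engine mounted at `secret/`, a KV v1 engine mounted at `kv/`, credentials stored under a `discovery/` prefix, an AppRole named `mid-server`, and the certificate, key and role-file paths shown; all of these are placeholders. Note that the two KV versions need different policy paths: v2 inserts `data/` after the mount, v1 does not.

```hcl
# vault-agent.hcl  (added example, not part of the resolver or of Vault)
pid_file = "/var/run/vault-agent.pid"

# How the Agent reaches the Vault server. The CA file is an assumed path.
vault {
  address = "https://vault.example.internal:8200"
  ca_cert = "/etc/vault-agent/vault-ca.pem"
}

# The Agent authenticates to Vault so the MID server never holds a Vault token.
auto_auth {
  method "approle" {
    mount_path = "auth/approle"
    config = {
      role_id_file_path   = "/etc/vault-agent/role_id"
      secret_id_file_path = "/etc/vault-agent/secret_id"
      # Keep the secret_id so the Agent can re-authenticate after a restart;
      # protect the file with filesystem permissions instead.
      remove_secret_id_file_after_reading = false
    }
  }
}

# Requests from the MID server are forwarded with the auto_auth token.
cache {
  use_auto_auth_token = true
}

# Listener the MID server connects to. This is the TLS setting the feature
# list refers to: the certificate and key paths are assumed placeholders.
listener "tcp" {
  address       = "127.0.0.1:8100"
  tls_disable   = false
  tls_cert_file = "/etc/vault-agent/agent.crt"
  tls_key_file  = "/etc/vault-agent/agent.key"
}

# Weak variant, shown only for contrast. Anyone who can reach the port gets
# the Agent's token for free, so keep this off outside a throwaway lab:
#
# listener "tcp" {
#   address     = "0.0.0.0:8100"
#   tls_disable = true
# }
```

The policy bound to the `mid-server` AppRole should name only the paths the resolver reads. Written in Vault's policy language, it would look like this (again an added example with assumed mount points and prefixes):

```hcl
# mid-server-policy.hcl  (added example)

# KV v2: the API path carries "data/" between the mount and the secret path.
path "secret/data/discovery/*" {
  capabilities = ["read"]
}

# KV v1: no "data/" segment.
path "kv/discovery/*" {
  capabilities = ["read"]
}

# Active Directory secrets engine: read the managed service-account password.
path "ad/creds/discovery-svc" {
  capabilities = ["read"]
}

# AWS secrets engine: generate short-lived credentials for the discovery role.
path "aws/creds/discovery-role" {
  capabilities = ["read"]
}
```

A quick check after wiring this up is `vault read -address=https://127.0.0.1:8100 secret/data/discovery/<name>` from the MID host with `VAULT_CACERT` pointing at the Agent's CA; if that returns the secret without a `VAULT_TOKEN` set, the Agent is forwarding requests with its own token, and a read of any path outside the policy should fail with a permission-denied error.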