I have started a HashiCorp Vault Cypher Plugin that supports both KV1 and KV2 vault secret engines. It is intended to extend upon the native vault integration that currently exists within Morpheus Cypher Core and provide extensible HashiCorp Vault secret engine support. Currently this plugin supports KV1 and KV2 engines but can be extended by the Community to support other engines within the future. The native Morpheus vault integration will only support KV2.
Please feel free to extend/add-to this plugin via public pull requests.
Update: 24/06/2022
HashiCorp Vault Cypher Plugin version 1.2.0 is designed to supersede the native vault integration and will use the “vault” mountpoint instead of “hashicorpVault”. Cypher — Morpheus Docs documentation will be updated with how to use the plugin. The plugin will also be made official on https://share.morpheusdata.com/
Hello, I have a question about using the Vault on Cypher
Is this line for creating KV2 correct? because it failed and seems still requesting for v1 in the Morpheus log.
I’m also using a path that successfully used on the Trust → Credential menu
the line is:
vault/kv2/secret/morpheus-credentials/test-kv2
Hello, thank you for the help, it’s working when I add the /data/ path
Also, an extra question, does this only work 1 way? Because if I change the secret value from the vault UI, it didn’t sync the new value when I decrypt it from the Cypher menu, while the Trust menu is able to sync the new secret value.
I think that is something we should look into. Currently, if you are referencing pre-existing HashiCorp cypher entries (that have not been added via Tools → Cypher) directly within your automation scripts then Morpheus will read any changes made within the vault UI. If you have created a new HashiCorp Cypher entry via Tools → Cypher, then changes made in the Vault backend are not reflected in Morpheus.
You could raise this as an issue on the plugin github repository if this behaviour is impacting your usage?
