UIPath and HashiCorp Vault

Hello,

I wanted to know if an integration between UIPath and HashiCorp Vault is in your backlog?

Thanks,

I’m interesting in knowing that as well?!

Any update about this? My company is really interested in that too!

We are deploying the same integration - is there any update on the progress of integration with HashiCorp Vault ?

Sorry to tag you @loginerror, but perhaps you can help answer the question? I know this is a while ago, however to keep the thread updated for new visitors.

Hi @sonnymeyer

This is something our team is considering for future releases. Feel free to contact our technical support, as there might be a way to implement it:

But just to be clear - is your question about on-premise or cloud Orchestrator?

We’re considering building this as a custom activity. I’d love to get some feedback from people using Vault today and how they’re using it currently. Email me at mark@formulatedautomation.com.

I’ll update this thread if we release an activity.

1 Like

We ended up using the Vault HTTP API for most of this versus jumping into writing a custom activity. You can see a demo of it here - StupidRobotTricks/README.md at main · FormulatedAutomation/StupidRobotTricks · GitHub

Happy for any feedback on this solution.

Regards,
Mark

1 Like

Hi @MarkFormulated

If you feel like it, feel free to create a new topic in our #news:faq category with enough context on the method (it is fine linking to the GitHub page, but some extra context within the topic itself would be nice so that our users know what to expect when they click the link).

That category has a higher search priority precisely for nice tutorials like the one here :slight_smile:

I have been working on a Hashicorp Vault credential store plugin that you can find in this PR: Hashicorp Vault Plugin by cosminvlad · Pull Request #9 · UiPath/Orchestrator-CredentialStorePlugins · GitHub
Maybe you want to give that a spin and give me some feedback.

1 Like

Hi George,

Thanks for the work you’ve done on this plugin! I have been trying to get your plugin to work in the context of my organization and do have some feedback:

I was hoping this plugin would work more similarly to how the CyberArk plugin works. I.e. that Orchestrator’s access to the Hashicorp Vault would be read-only, and that an “External Name” field (rather than the Orchestrator asset name) would be what connected the credential in Orchestrator to the credential in Hashicorp.

Having the credential linked by Orchestrator-asset-name to Hashicorp-credential-key is problematic, particularly when I am trying to deal with credentials that have user-/bot-specific values rather than a single Global Value. (See screenshot below for what I am talking about in Orchestrator.) I tested the functionality with these user-specific credentials, and it appears that adding user-specific credentials on the Orchestrator end simply rewrites/overwrites the value of a single credential on the Hashicorp end. If this were read-only and we could link by “External Name” here, we should be able to link a single Orchestrator asset to multiple user-specific credentials in Hashicorp.

I did notice that there is a HashicorpVaultReadOnlySecureStore.cs file in your Git repo for this plugin. Is it possible that the functionality I’ve described above is already available if I adjust certain settings and/or build the project differently in Visual Studio? I am not particularly familiar with Visual Studio or the mechanics behind building/compiling projects. Let me know if there’s something I can do to alter the plugin’s behavior to make it (A) read-only and (B) utilize an “External Name” link rather than simply asset name.

Regards,

Riley

I just created a release: Release SecureStore.HashicorpVault 1.0.0 · UiPath/Orchestrator-CredentialStorePlugins · GitHub
This release, when installed, should give you two credential stores in the dropdown: “Hashicorp Vault” (read-write, like Azure Key Vault) and “Hashicorp Vault - Read Only” (read-only, like CyberArk).

2 Likes

@CosminV , thanks so much for your help with this plugin. I’m happy to report that the most-recent version of the plugin (v1.0.2: Release SecureStore.HashicorpVault 1.0.2 · UiPath/Orchestrator-CredentialStorePlugins · GitHub) gives us the read-only functionality we were anticipating/hoping for. (This read-only functionality also resolves the “bot-specific credentials” issue I mentioned in my earlier post.)

Really appreciate your follow-up and help with this!

1 Like

We’re deploying the same integration; is there any news about how the HashiCorp Vault integration is progressing?

Per all of the testing my organization has done so far, the version of the plugin I mention above appears to be working well.

1 Like

Is this something that might be added to Automation Cloud? My organization is interested in using HashiCorp, but we’re on Automation Cloud. Ideally having it show up as a credential store, just like Azure Keyvault and CyberArk.

It is not planned at this time. CC @Ovidiu_Constantin